CVE-2023-5141

Name of the Vulnerable Software and Affected Versions BSK Contact Form 7 Blacklist WordPress plugin versions 1.0.1 and earlier

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the inserted count parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators.

Recommendations For versions 1.0.1 and earlier, as a temporary workaround, consider disabling the functionality that outputs the inserted count parameter until a patch is available. Restrict access to areas where this parameter is used to minimize the risk of exploitation. Update to a version that fixes this issue once it becomes available.