PT-2024-30457 · Unknown · Void Contact Form 7 Widget For Elementor Page Builder

Michael

Published

2024-08-18

Updated

2024-08-25

CVE-2024-43291

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Void Contact Form 7 Widget For Elementor Page Builder versions through 2.4.1

Description The issue affects the Void Contact Form 7 Widget For Elementor Page Builder, allowing Stored XSS due to improper neutralization of input during web page generation. This is a type of Cross-site Scripting vulnerability.

Recommendations For versions through 2.4.1, update to version 2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting user input in the contact form to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-43291

Affected Products

Void Contact Form 7 Widget For Elementor Page Builder

PT-2024-30457 · Unknown · Void Contact Form 7 Widget For Elementor Page Builder

CVE-2024-43291

Weakness Enumeration

Related Identifiers

Affected Products

References · 7