PT-2025-1902 · WordPress · Contact Form Maker

Hassan Khan Yusufzai +1 · Published 2025-01-11 · Updated 2025-05-17 · CVE-2024-12587 · CVSS v3.1 6.1 (Medium) · Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The affected software is the Contact Form Master WordPress plugin, versions up to and including 1.0.7. The flaw is a reflected cross-site scripting (XSS) vulnerability: the plugin writes a request parameter back into the page without sanitizing it on input or escaping it for the HTML context it lands in, so an attacker-controlled value is rendered as markup or script. Because the payload travels in the request itself, exploitation needs a victim to open a crafted link (the UI:R in the vector); the realistic target is a high-privilege user such as an administrator, whose authenticated browser session the injected script then runs in. The issue has a public identifier, CVE-2024-12587. Nothing is stated about in-the-wild exploitation or about the number of affected installations. #CVE-2024-12587 #ContactFormMaster #WordPressPlugin #ReflectedXSS #CrossSiteScripting
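The pattern behind this class of bug, shown as an added example rather than the plugin's own code: the advisory does not name the unescaped parameter or the output context, so the parameter name `form_id`, the text-input context and the two payloads are constructed for illustration. The `wp_unslash`, `sanitize_text_field` and `esc_attr` stand-ins are approximations so the script runs outside WordPress; inside a plugin the core functions are used directly. The middle variant shows why input sanitization alone does not close a reflected XSS in an attribute: `sanitize_text_field()` strips tags but leaves quotes, so escaping at output for the exact context is what actually fixes it.

```php
<?php
// Added example, not code from the plugin or the advisory. "form_id" is a
// placeholder parameter name; the real vulnerable parameter is not named on the page.

// Minimal stand-ins so this runs outside WordPress (approximations of core behaviour).
if (!function_exists('wp_unslash')) {
    function wp_unslash($v) { return is_string($v) ? stripslashes($v) : $v; }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($s) { return trim(strip_tags((string) $s)); }
}
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}

// Vulnerable pattern: the raw request parameter is written straight into an attribute.
function render_vulnerable(array $request): string
{
    $id = $request['form_id'] ?? '';
    return '<input type="text" name="form_id" value="' . $id . '">';
}

// Half-fix: input is sanitised, but never escaped for the HTML attribute context.
function render_sanitized_only(array $request): string
{
    $id = sanitize_text_field(wp_unslash($request['form_id'] ?? ''));
    return '<input type="text" name="form_id" value="' . $id . '">';
}

// Hardened: sanitise on input AND escape at output for the context it is written into.
function render_hardened(array $request): string
{
    $id = sanitize_text_field(wp_unslash($request['form_id'] ?? ''));
    return '<input type="text" name="form_id" value="' . esc_attr($id) . '">';
}

// Crude detector for the demo: after the value attribute's closing quote, does the
// markup contain a <script> tag or an on* event handler the attacker put there?
function attribute_breakout(string $html): bool
{
    return (bool) preg_match('/value="[^"]*".*?(<script|\bon\w+=)/i', $html);
}

// Constructed payloads, as they would arrive in ?form_id=... of a crafted link.
$payloads = [
    'tag injection'      => '"><script>alert(document.domain)</script>',
    'attribute breakout' => '" autofocus onfocus="alert(document.domain)',
];

foreach ($payloads as $name => $p) {
    $req = ['form_id' => $p];
    printf("%-19s vulnerable:%-4s sanitized-only:%-4s hardened:%s\n", $name,
        attribute_breakout(render_vulnerable($req)) ? 'XSS' : 'ok',
        attribute_breakout(render_sanitized_only($req)) ? 'XSS' : 'ok',
        attribute_breakout(render_hardened($req)) ? 'XSS' : 'ok');
}
```

Run it with `php example.php`. The tag-injection payload is neutralised by `strip_tags()`, but the attribute-breakout payload survives sanitization untouched and only `esc_attr()` stops it; for other contexts use the matching WordPress escaper (`esc_html()` for text nodes, `esc_url()` for href/src, `esc_js()` for inline script data).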


Weakness Enumeration

Related Identifiers

CVE-2024-12587

Affected Products

Contact Form Maker