CVE-2024-31110 – WordPress Contact Form 7 Newsletter plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-31110

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through 2.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Contact Form 7 Newsletter para WordPress de Katz Web Services, Inc. permite XSS reflejado. Este problema afecta el boletín del Formulario de contacto 7: desde n/a hasta 2.2. The Contact Form 7 Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/contact-form-7-newsletter/wordpress-contact-form-7-newsletter-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •