Behrouz Mansoori

CVE-2023-54332 EXPLOITDB MEDIUM text WORKING POC

Jetpack 11.4 - Cross-Site Scripting via Contact Form post_id Parameter

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.

CVSS 6.1

View Code