Cf7 Views 8211 Complete Entry Management For Contact Form 7
Monthly
DOM-based cross-site scripting in the WordPress plugin CF7 Views - Complete Entry Management for Contact Form 7 (by Aman) affects all versions from an unspecified start through 3.2.2, letting a remote attacker who lures a user into interacting with a crafted link or page execute arbitrary JavaScript in that user's browser session. The flaw carries a CVSS 3.1 base score of 7.1 with a scope change (S:C), reflecting that script executes outside the vulnerable component's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed via Patchstack.
DOM-based cross-site scripting in the WordPress plugin CF7 Views - Complete Entry Management for Contact Form 7 (by Aman) affects all versions from an unspecified start through 3.2.2, letting a remote attacker who lures a user into interacting with a crafted link or page execute arbitrary JavaScript in that user's browser session. The flaw carries a CVSS 3.1 base score of 7.1 with a scope change (S:C), reflecting that script executes outside the vulnerable component's security context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed via Patchstack.