5.4

CVE-2021-24505

Exploit

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

Forms <= 1.12.2 - Authenticated Stored Cross-Site Scripting

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.
Mögliche Gegenmaßnahme
Forms: Update to version 1.12.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MadeitForms SwPlatformwordpress Version < 1.12.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Forms
Version [*, 1.12.3)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.449
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://wpscan.com/vulnerability/550e08ac-4c3a-4e22-8e98-bc5bfc020ca9
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/3424c187-cf71-41f0-abb8-f0e843750465
Third Party Advisory