CVE-2026-5112

EPSS 0.23%
Veröffentlicht 02.05.2026 05:29:28
Zuletzt bearbeitet 05.05.2026 19:16:18
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validate() method in the GF_Field_Calculation class only validates the quantity field (.3) and completely ignores the product name field (.1), allowing malicious HTML to pass through validation. When the value is saved, the sanitize_entry_value() method returns the raw value without sanitization for fields where HTML is not expected. Subsequently, when an entry is viewed in wp-admin, the get_value_entry_detail() method concatenates the unescaped product name directly into the output string, which is then rendered by the repeater's get_value_entry_detail() method without further escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via form submissions that will execute whenever an authenticated administrator with the gravityforms_view_entries capability accesses the entry detail page.

Mögliche Gegenmaßnahme

Gravity Forms: Update to version 2.10.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerGravity Forms

≫

Produkt Gravity Forms

Default Statusunaffected

Version <= 2.10.0

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Gravity Forms

Version *-2.10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://docs.gravityforms.com/gravityforms-change-log/

https://www.wordfence.com/threat-intel/vulnerabilities/id/63973f61-81f0-4fc8-810c-a15734ff824e?source=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/63973f61-81f0-4fc8-810c-a15734ff824e

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-5112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5112

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5112