← back
CVE-2021-24718

ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

EPSS 0.6%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected products
Unknown · Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/60c9d78f-ae2c-49e0-aca3-6dce1bd8f697