Vulnerability CVE-2021-24505

Vulnerability CVE-2021-24505

Published: 2021-08-09

Description:

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Madeit -> Forms

References:

https://wpscan.com/vulnerability/550e08ac-4c3a-4e22-8e98-bc5bfc020ca9

Copyright 2024, cxsecurity.com