CVE-2021-24700

Severity
4.8 MEDIUM
EPSS
0.2%
top 57.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 23
Latest update: May 24

Description

The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (1 package)

NVD: incsub/forminator < 1.15.4

Vulnerability Details (2)

GHSA
GHSA-w47h-56cf-m4g5: The Forminator WordPress plugin before 1 (2022-05-24)
CVEList
Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting (2021-11-23)