CVE-2023-3134

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 69.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Forminator Incsub Forminator

Timeline

PublishedJul 31

Description

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDincsub/forminator< 1.24.4

▶CVEListV5unknown/forminator< 1.24.4

🔴Vulnerability Details

CVEList

Forminator < 1.24.4 - Reflected XSS↗2023-07-31

▶

GHSA

GHSA-hqvg-xqpv-4p9r: The Forminator WordPress plugin before 1↗2023-07-31

▶