The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Tue, 27 Aug 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Fluentforms
Fluentforms contact Form |
|
CPEs | cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Fluentforms
Fluentforms contact Form |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-07-27T11:37:29.048Z
Updated: 2024-08-01T21:41:03.483Z
Reserved: 2024-07-04T19:18:11.587Z
Link: CVE-2024-6520
Vulnrichment
Updated: 2024-08-01T21:41:03.483Z
NVD
Status : Modified
Published: 2024-07-27T12:15:11.030
Modified: 2024-11-21T09:49:47.620
Link: CVE-2024-6520
Redhat
No data.