CVE-2021-24718: ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting
First published: Mon Dec 06 2021(Updated: )
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Reputeinfosystems Contact Form\, Survey \& Popup Form Plugin For Wordpress - Arforms Form Builder | <1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-24718.
What is the severity rating of CVE-2021-24718?
The severity rating of CVE-2021-24718 is medium (4.8).
What is the affected software of CVE-2021-24718?
The affected software of CVE-2021-24718 is the Contact Form, Survey & Popup Form Plugin for WordPress plugin before version 1.5.
What is the CWE category of CVE-2021-24718?
The CWE category of CVE-2021-24718 is CWE-79 (Cross-Site Scripting).
How can the Cross-Site Scripting vulnerability be mitigated in the Contact Form, Survey & Popup Form Plugin for WordPress plugin?
To mitigate the Cross-Site Scripting vulnerability in the Contact Form, Survey & Popup Form Plugin for WordPress plugin, it is recommended to update to version 1.5 or later, which properly sanitizes the plugin's settings.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/reputeinfosystems
- canonical/reputeinfosystems contact form\, survey \& popup form plugin for wordpress - arforms form builder