CVE-2023-3134: Forminator < 1.24.4 - Reflected XSS
First published: Mon Jul 31 2023(Updated: )
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Forminator | <1.24.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Forminator WordPress plugin vulnerability?
The vulnerability ID for this Forminator WordPress plugin vulnerability is CVE-2023-3134.
What is the severity of CVE-2023-3134?
The severity of CVE-2023-3134 is medium.
How does the Forminator WordPress plugin vulnerability occur?
The Forminator WordPress plugin vulnerability occurs due to improper value escaping in form fields that use pre-populated query parameters, leading to reflected XSS attacks.
What is the affected software of CVE-2023-3134?
The affected software of CVE-2023-3134 is the Forminator WordPress plugin before version 1.24.4.
How can I fix the CVE-2023-3134 vulnerability?
To fix the CVE-2023-3134 vulnerability, update the Forminator WordPress plugin to version 1.24.4 or newer.
- agent/references
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-latest
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- vendor/incsub
- canonical/forminator