CVE-2025-24708: WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
First published: Mon Jan 27 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress WP Dynamics CRM | <=1.1.6 | |
| WPForms Lite | <=1.1.6 | |
| WordPress Elementor | <=1.1.6 | |
| Formidable Forms by Strategy11 | <=1.1.6 | |
| Ninja Forms | <=1.1.6 |
Remedy
Update the WordPress WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin to the latest available version (at least 1.1.7).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/epss
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/epss-latest
- source/FIRST
- vendor/wordpress
- canonical/wordpress wp dynamics crm
- canonical/wpforms lite
- canonical/wordpress elementor
- canonical/formidable forms by strategy11
- canonical/ninja forms