CVSS Score of 10 (low)


Published Jul 17, 2023
Updated: Nov 7, 2023


CVE-2023-2701 is a vulnerability impacting the Gravity Forms WordPress plugin before version 2.7.5. The vulnerability involves the plugin's failure to properly escape generated URLs before outputting them in attributes, resulting in Reflected Cross-Site Scripting (XSS). This could be exploited by high-privileged users, such as administrators. The affected products include various versions of the Gravity Forms plugin. To remediate this vulnerability, users should update to version 2.7.5 or later. The potential danger this vulnerability poses to an organization is a medium severity rating, with a base score of 6.1, indicating the possibility of unauthorized script execution and potential impact on integrity and confidentiality of data.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-2701 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options