CVSS 3.1 Score 4.4 of 10 (medium)


Published Jan 27, 2024
Updated: Feb 1, 2024


CVE-2024-0618 is a vulnerability found in the Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms. This vulnerability affects all versions up to and including 5.1.5 of the plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) issue that occurs due to insufficient input sanitization and output escaping in imported form titles. This allows attackers with administrator-level access to inject arbitrary web scripts that will execute whenever a user accesses an injected page. It's important to note that this vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. The potential danger lies in the fact that authenticated attackers can exploit this vulnerability, potentially compromising user data and the overall security of affected WordPress sites. To remediate this issue, it is recommended to update the plugin to a version beyond 5.1.5 when it becomes available, or consider using alternative contact form plugins until a patch is released.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0618 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options