CVE-2024-0618

Summary

CVE-2024-0618 is a vulnerability found in the Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms. This vulnerability affects all versions up to and including 5.1.5 of the plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) issue that occurs due to insufficient input sanitization and output escaping in imported form titles. This allows attackers with administrator-level access to inject arbitrary web scripts that will execute whenever a user accesses an injected page. It's important to note that this vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. The potential danger lies in the fact that authenticated attackers can exploit this vulnerability, potentially compromising user data and the overall security of affected WordPress sites. To remediate this issue, it is recommended to update the plugin to a version beyond 5.1.5 when it becomes available, or consider using alternative contact form plugins until a patch is released.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.