CVSS 3.1 Score 5.4 of 10 (medium)


Published Feb 22, 2024


The vulnerability with CVE ID CVE-2024-0903 affects the User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress in all versions up to 1.0.13. It is a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in the feedback submission page, which will execute when a user clicks the link while pressing the command key. The risk score for this vulnerability is 26, indicating a medium severity level. The exploitability score is 2.8, and it requires user interaction through the network. The impact on integrity and confidentiality is low, with no availability impact identified. A remediation action is not mentioned in the provided information.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0903 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options