CVE-2024-7056
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Nov 25, 2024
Summary
CVE-2024-7056 is a stored cross-site scripting (XSS) vulnerability in the WPForms plugin for WordPress, affecting versions before 1.9.1.6. The plugin fails to sanitize and escape certain settings, which allows high-privileged users, including admins, to inject malicious scripts into forms even when the unfiltered_html capability is disabled. This poses a significant risk in multisite setups.
Affected Products
- WPForms Plugin
Affected Vendors
- WPForms