CVE-2024-9768
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Nov 21, 2024
Updated: Nov 26, 2024
CWE ID 79
Summary
CVE-2024-9768: A vulnerability has been identified in the Formidable Forms WordPress plugin, impacting versions prior to 6.14.1. This issue permits high privilege users, including admins, to execute Stored Cross-Site Scripting attacks. Although the unfiltered_html capability is disallowed in some setups, the plugin fails to sanitize and escape certain settings, making these attacks possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share