Overview
- Description
- The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.4
- Impact score
- 2.7
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10016 (Published: 2024-10-25) - Critical vulnerability in WPForms. Affects multiple versions. 🛠️ Remediation is crucial to protect your site. For detailed insights and mitigation steps, check out the full report: https://t.co/zdBsbfBpU4 #CyberSecurity #WPForms
@transilienceai
27 Oct 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - Critical vulnerability in WPForms. Affects multiple versions. 🛡️ Ensure your site is secure by updating to the latest version immediately. For more details and remediation steps, check out the full report: https://t.co/zdBsbfBpU4… http
@transilienceai
27 Oct 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - High severity vulnerability in WPForms. Affects multiple versions. Ensure your site is secure by updating to the latest version. For more details and remediation steps, visit: https://t.co/FMSMRWA8So #WordPress #Security
@transilienceai
27 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - High vulnerability in WPForms. Affects multiple versions. Ensure your site is secure by updating to the latest version. For more details and remediation steps, visit: https://t.co/FMSMRWA8So #WPForms #CyberSecurity
@transilienceai
27 Oct 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - A high-severity vulnerability in WPForms affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details and remediation steps, visit: https://t.co/FMSMRWA8So #WPForms… https://
@transilienceai
27 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - Critical vulnerability in WPForms. Affects multiple versions. Ensure your site is secure by updating to the latest version immediately. For detailed remediation steps, check out the full report here: https://t.co/zdBsbfBpU4 #WPForms… ht
@transilienceai
26 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - Critical vulnerability in WPForms. Affects multiple versions. Ensure your site is secure by updating to the latest version immediately. For detailed remediation steps, check out the full report: https://t.co/zdBsbfBpU4 #CyberSecurity… h
@transilienceai
26 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - High severity vulnerability in WPForms. Affects specific versions. 🛡️ Ensure your site is secure by updating to the latest version. For more details and remediation steps, visit: https://t.co/FMSMRWA8So #WordPress #Security
@transilienceai
26 Oct 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10016 (Published: 2024-10-25) - A high-severity vulnerability in WPForms affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details and remediation steps, visit: https://t.co/FMSMRWA8So #WPForms… https://
@transilienceai
26 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes