- Description
- The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
CVE-2024-10646 (CVSS:7.2, HIGH) is Awaiting Analysis. The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulner..https://t.co/GQTMUe0y2F #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
19 Dec 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10646 (Published: 2024-12-14) - High severity vulnerability in Fluent Forms. Affects multiple versions. Ensure your installation is updated to the latest version to mitigate risks. Check the remediation details here: https://t.co/pAhfFGhUK8 #WordPress #Security
@transilienceai
17 Dec 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10646 (Published: 2024-12-14) - High severity vulnerability in Fluent Forms. Affects multiple versions. Users are urged to update to the latest version to mitigate risks. For more details, check the changeset: https://t.co/pAhfFGhUK8 #WordPress #Security
@transilienceai
17 Dec 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10646 (Published: 2024-12-14) - High severity vulnerability in Fluent Forms. Affects versions prior to 5.2.4. 🛡️ Ensure your plugin is updated to the latest version to mitigate risks. Stay secure! 🔒 For more details: https://t.co/D8YPX17KEX #WordPress #Security
@transilienceai
17 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10646 Stored XSS Vulnerability in Fluent Forms WordPress Plugin 5.2.6 The Contact Form Plugin by Fluent Forms for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability. This issue ha... https://t.co/1YQKSJBXFf
@VulmonFeeds
14 Dec 2024
67 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "8B33ECED-6F73-42FC-B7B9-8280F12CB6A8",
"versionEndExcluding": "5.2.7"
}
],
"operator": "OR"
}
]
}
]