Описание
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
Ссылки
- ExploitThird Party Advisory
- Exploit
- ExploitThird Party Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.24.4 (исключая)
cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 31%
0.00117
Низкий
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
EPSS
Процентиль: 31%
0.00117
Низкий
6.1 Medium
CVSS3