CVE-2021-24907

medium

Description

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

References

https://wpscan.com/vulnerability/56dae1ae-d5d2-45d3-8991-db69cc47ddb7

Details

Source: Mitre, NVD

Published: 2021-12-21

Updated: 2021-12-27

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N