CVE-2021-24505

CVE-2021-24505: Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown
Product Forms
Weakness CWE-79 · XSS
Published August 9, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.

Key dates

02Disclosure timeline

August 9, 2021 CVE published
August 3, 2024 Record updated