CVE-2021-24718

CVE-2021-24718: ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting

Vendor Unknown

Product Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder

Weakness CWE-79 · XSS

Published December 6, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

December 6, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24718

Related vulnerabilities

04Related CVE

CVE-2025-8666 Testimonial Carousel For Elementor <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser CVE-2023-6487 LuckyWP Table of Contents <= 2.1.5 - Authenticated (Administrator+) Cross-Site Scripting CVE-2021-24673 Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting CVE-2024-13572 Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting