CVE-2021-24744

CVE-2021-24744: WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product WordPress Contact Forms by Cimatti

Weakness CWE-79 · XSS

Published October 25, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Key dates

02Disclosure timeline

October 25, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24744 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-14560 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab CVE-2022-1217 Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting CVE-2024-12189 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-3883 3D FlipBook <= 1.15.4 - Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields