CVE-2021-24896

CVE-2021-24896: Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Caldera Forms – More Than Contact Forms

Weakness CWE-79 · XSS

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24896

Related vulnerabilities

04Related CVE

CVE-2024-11626 CVE-2023-47514 WordPress Star CloudPRNT for WooCommerce Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) CVE-2026-26226 beautiful-mermaid < 0.1.3 SVG Attribute Injection CVE-2022-20674 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities CVE-2024-23635 AntiSamy malicious input can provoke XSS when preserving comments