CVE-2021-24907

CVE-2021-24907: Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

Vendor Unknown

Product Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms

Weakness CWE-79 · XSS

Published December 21, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

December 21, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24907

Related vulnerabilities

04Related CVE

CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS CVE-2024-1805 WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute CVE-2025-15171 SohuTV CacheCloud ServerController.java index cross site scripting CVE-2024-27961 WordPress AntiSpam for Contact Form 7 plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-1679