cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9528,https://securityvulnerability.io/vulnerability/CVE-2024-9528,Stored Cross-Site Scripting Vulnerability in Contact Form Plugin,"The Fluent Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities due to inadequate input sanitization and output escaping. This vulnerability affects all versions up to and including 5.1.19. Authenticated attackers, typically those with administrative access capable of editing forms, can exploit this weakness by injecting arbitrary web scripts into form label fields. These scripts execute in the context of user sessions when the compromised pages are accessed, posing a significant risk to user data and overall site security.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.9,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-05T02:34:50.316Z,0
CVE-2024-5053,https://securityvulnerability.io/vulnerability/CVE-2024-5053,Unauthorized API Key Update Vulnerability Discovered in Fluent Forms Contact Form Plugin for WordPress,"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it possible for Form Managers with a Subscriber-level access and above to modify the Mailchimp API key used for integration. At the same time, missing Mailchimp API key validation allows the redirect of the integration requests to the attacker-controlled server.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.3,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2024-09-01T10:58:05.084Z,0
CVE-2024-6703,https://securityvulnerability.io/vulnerability/CVE-2024-6703,Stored Cross-Site Scripting Vulnerability in Contact Form Plugin,"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'description' and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-27T12:30:05.686Z,0
CVE-2024-6518,https://securityvulnerability.io/vulnerability/CVE-2024-6518,Stored Cross-Site Scripting Vulnerability Affects Fluent Forms Contact Form Plugin,"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-07-27T11:37:31.961Z,0
CVE-2024-6520,https://securityvulnerability.io/vulnerability/CVE-2024-6520,Arbitrary Script Injection Vulnerability in Contact Form Plugin,"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-07-27T11:37:29.048Z,0
CVE-2024-6521,https://securityvulnerability.io/vulnerability/CVE-2024-6521,Fluent Forms Contact Form Plugin Vulnerable to Stored Cross-Site Scripting,"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-07-27T11:13:38.635Z,0
CVE-2024-4157,https://securityvulnerability.io/vulnerability/CVE-2024-4157,"Fluent Forms Quiz, Survey, and Drag & Drop WP Form Builder Plugin Vulnerable to PHP Object Injection","The Contact Form Plugin by Fluent Forms for WordPress is susceptible to a PHP Object Injection vulnerability due to deserialization of untrusted input in the extractDynamicValues function. This flaw impacts all versions up to 5.1.15 and enables authenticated attackers with contributor-level access or higher to inject PHP objects. If a vulnerable POP chain exists through an additional plugin or theme on the target site, the attacker could potentially delete arbitrary files, access sensitive data, or execute malicious code. Securing permissions for 'View Form' and 'Manage Form' by an administrator is a requirement; however, this restriction can be circumvented when combined with CVE-2024-2771.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-22T07:37:24.259Z,0
CVE-2024-4709,https://securityvulnerability.io/vulnerability/CVE-2024-4709,Stored Cross-Site Scripting Vulnerability in Fluent Forms Contact Form Plugin for WordPress,"The Contact Form Plugin by Fluent Forms is prone to a Stored Cross-Site Scripting vulnerability. This issue arises from a lack of sufficient input sanitization and output escaping in the 'subject' parameter. Authenticated attackers possessing contributor-level permissions or higher, with administrator-provided access, can exploit this vulnerability to inject arbitrary web scripts into pages. Consequently, these scripts execute whenever a user accesses the compromised page, posing significant risks to user data and overall site integrity.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-18T07:38:34.748Z,0
CVE-2024-2772,https://securityvulnerability.io/vulnerability/CVE-2024-2772,"Fluent Forms Quiz, Survey, and Drag & Drop WP Form Builder Plugin Vulnerable to Stored Cross-Site Scripting","The Contact Form Plugin developed by Fluent Forms for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS). This flaw arises from inadequate input sanitization and output escaping in form settings present in all versions up to and including 5.1.13. Authenticated attackers who have access to the settings of Fluent Forms can exploit this vulnerability to inject arbitrary web scripts. These malicious scripts will execute whenever a user accesses a page that has been manipulated. Additionally, this vulnerability can be chained with another weakness, allowing even low-privileged users to inject harmful scripts into the site.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-18T07:38:33.407Z,0
CVE-2024-2782,https://securityvulnerability.io/vulnerability/CVE-2024-2782,Unauthorized Modification of Data Vulnerability in Fluent Forms Plugin,"The Contact Form Plugin by Fluent Forms for WordPress contains a significant vulnerability that permits unauthorized alteration of settings. This issue arises from a lack of capability checks on the /wp-json/fluentform/v1/global-settings REST API endpoint, impacting all versions up to and including 5.1.16. As a result, unauthenticated attackers can modify critical settings of the plugin, posing potential risks to website functionality and security. Website owners utilizing the Fluent Forms Plugin should prioritize immediate updates to mitigate this vulnerability.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-18T07:38:32.798Z,0
CVE-2024-2771,https://securityvulnerability.io/vulnerability/CVE-2024-2771,Fluent Forms Plugin Vulnerable to Privilege Escalation Attacks,"The Contact Form Plugin by Fluent Forms is susceptible to a privilege escalation vulnerability stemming from a lack of appropriate capability checks in the /wp-json/fluentform/v1/managers REST API endpoint. This issue allows unauthenticated attackers to assign management permissions to any user, granting them complete access to all settings and features of the plugin. Furthermore, this vulnerability enables attackers to delete manager accounts, posing significant risks to the integrity and security of the WordPress site utilizing this plugin. Immediate attention to update to the latest version is essential to mitigate potential exploits.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-18T07:38:20.993Z,0
CVE-2023-6957,https://securityvulnerability.io/vulnerability/CVE-2023-6957,Fluent Forms Plugin Vulnerable to Stored Cross-Site Scripting,"The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.",Wordpress,"Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder",4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:27:24.732Z,0