← back
CVE-2021-24907

Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

EPSS 0.9%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Affected products
Unknown · Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/56dae1ae-d5d2-45d3-8991-db69cc47ddb7