Cross-Site Scripting in INTINITUM FORM Geo Controller by INTINITUM
CVE-2023-51513

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Geo Controller
Vendor: CVE Published:; 5 January 2026

What is CVE-2023-51513?

The INTINITUM FORM Geo Controller is vulnerable to a Cross-Site Scripting (XSS) issue that arises from improper handling of user input during web page generation. This flaw allows an attacker to inject malicious scripts into the DOM, potentially leading to compromised user sessions or data theft. The vulnerability affects all versions of the Geo Controller up to 8.5.2, highlighting the importance for users to review their configurations and apply necessary updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Geo Controller <= 8.5.2

References

https://vdp.patchstack.com/database/wordpress/plugin/cf-g...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 5, 2026
Vulnerability Reserved
Dec 20, 2023

Credit

Ngô Thiên An (ancorn_ from VNPT-VCI) | Patchstack Bug Bounty Program

JSON

WordPress