Cross-Site Scripting Vulnerability in Contact Form, Survey, Quiz & Popup Form Builder by WordPress

CVE-2024-10504

What is CVE-2024-10504?

The Contact Form, Survey, Quiz & Popup Form Builder plugin for WordPress prior to version 1.7.1 contains a vulnerability that allows unauthenticated users to execute Cross-Site Scripting attacks. This occurs due to improper sanitization and escaping of parameters when rendering them on the page. Attackers could exploit this vulnerability to inject malicious scripts, potentially compromising user data and site integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References