Cross-Site Scripting Vulnerability in Contact Form, Survey, Quiz & Popup Form Builder by WordPress
CVE-2024-10504
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 15 May 2025
Badges
What is CVE-2024-10504?
The Contact Form, Survey, Quiz & Popup Form Builder plugin for WordPress prior to version 1.7.1 contains a vulnerability that allows unauthenticated users to execute Cross-Site Scripting attacks. This occurs due to improper sanitization and escaping of parameters when rendering them on the page. Attackers could exploit this vulnerability to inject malicious scripts, potentially compromising user data and site integrity.
Affected Version(s)
Contact Form, Survey, Quiz & Popup Form Builder 0 < 1.7.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved