Stored Cross-Site Scripting in Formaloo Form Maker & Customer Analytics Plugin for WordPress
CVE-2024-11934
6.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 7 January 2025
What is CVE-2024-11934?
The Formaloo Form Maker & Customer Analytics plugin for WordPress has a vulnerability that allows attackers with Contributor-level access and above to inject arbitrary web scripts into pages. This issue arises from insufficient input sanitization and output escaping related to the 'address' parameter. As a result, when users access a page with a malicious script injected, it gets executed, potentially compromising user data and security.
Affected Version(s)
Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce * <= 2.1.3.2