WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-43233

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 12 August 2024

Summary

A Cross-Site Scripting (XSS) vulnerability exists in BannerSky's BSK Forms Blacklist plugin, which allows attackers to inject malicious scripts into web pages viewed by users. The flaw is caused by improper neutralization of user input during web page generation. As a result, an attacker can manipulate web page content and potentially steal sensitive user information. The vulnerability affects BSK Forms Blacklist versions up to and including 3.8, posing a significant security risk for users. Timely updates and patches are highly recommended to mitigate this issue.

Affected Version(s)

BSK Forms Blacklist <= 3.8

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

Credit

LVT-tholv2k (Patchstack Alliance)