Reflected XSS Vulnerability in Zaus Forms: 3rd-Party Post Again
CVE-2024-51783
7.1 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 9 November 2024
Summary
The Forms: 3rd-Party Post Again plugin by Zaus is vulnerable to reflected Cross-Site Scripting (XSS). The plugin improperly neutralizes input during web page generation, potentially enabling attackers to execute malicious scripts in the browser of users accessing vulnerable forms. This could lead to data theft, session hijacking, or redirection of users to malicious sites. The affected versions are documented as n/a through 0.3; users should evaluate their implementations and apply necessary updates to safeguard their web applications.
Affected Version(s)
Forms: 3rd-Party Post Again <= 0.3
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)