Vikas Ratudi VForm Vulnerable to Reflected XSS
CVE-2024-54302

7.1HIGH

Key Information:

Vendor: WordPress
Status: Vform
Vendor: CVE Published:; 13 December 2024

What is CVE-2024-54302?

The vulnerability in Vikas Ratudi's VForm plugin arises from improper neutralization of user input during the generation of web pages. This leads to a reflected cross-site scripting (XSS) issue, posing significant security risks by allowing attackers to execute arbitrary scripts in the context of users' browsers. Versions from n/a up to 3.0.0 are affected, making it essential for users to apply immediate patches and updates to secure their web applications against potential exploit attempts.

Affected Version(s)

VForm <= 3.0.0

References

https://patchstack.com/database/wordpress/plugin/v-form/v...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

Muhamad Agil Fachrian (Patchstack Alliance)