WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
CVE-2024-54398

7.1HIGH

Key Information:

Vendor: WordPress
Status: Flaming Forms
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-54398?

The vulnerability in the Flaming Forms plugin for WordPress allows attackers to exploit Cross-Site Request Forgery (CSRF), leading to Stored Cross-Site Scripting (XSS) issues. This flaw poses a serious risk as it permits unauthorized actions to be executed on behalf of authenticated users. It is crucial for users of Flaming Forms, especially those using versions up to 1.0.1, to implement necessary security measures to prevent potential exploitation.

Affected Version(s)

Flaming Forms <= 1.0.1

References

https://patchstack.com/database/wordpress/plugin/flaming-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

SOPROBRO (Patchstack Alliance)