CVE-2024-0427

EUVD-2024-16222
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
reputeinfosystemsarforms
𝑥
< 6.4.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
reputeinfosystemsarforms_form_builder
𝑥
< 6.4.1
ADP
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb/
https://wpscan.com/vulnerability/1806fef3-d774-46e0-aa48-7a101495f4eb/