vulnerability

WordPress Plugin: forms-by-made-it: CVE-2021-24505: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jul 3, 2021	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jul 3, 2021

Added

May 15, 2025

Modified

May 15, 2025

Description

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.

Solution

forms-by-made-it-plugin-cve-2021-24505

References

URL-https://www.cve.org/CVERecord?id=CVE-2021-24505
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/3424c187-cf71-41f0-abb8-f0e843750465?source=api-prod
CVE-2021-24505
https://attackerkb.com/topics/CVE-2021-24505

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today