Lucene search

PatchstackCVE-2024-29820

HistoryMar 27, 2024 - 7:15 a.m.

CVE-2024-29820

2024-03-2707:15:49

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-29820

improper neutralization

cross-site scripting

stored xss

pdf builder for wpforms

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.This issue affects PDF Builder for WPForms: from n/a through 1.2.88.

Affected configurations

Vulners

Node

rednaowoocommerce_pdf_invoice_builderRange≤1.2.88wordpress

VendorProductVersionCPE
rednaowoocommerce_pdf_invoice_builder*cpe:2.3:a:rednao:woocommerce_pdf_invoice_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
rednao	woocommerce_pdf_invoice_builder	*	cpe:2.3:a:rednao:woocommerce_pdf_invoice_builder::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "pdf-builder-for-wpforms",
    "product": "PDF Builder for WPForms",
    "vendor": "RedNao",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.89",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.88",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/pdf-builder-for-wpforms/wordpress-pdf-builder-for-wpforms-plugin-1-2-88-cross-site-scripting-xss-vulnerability?_s_id=cve