CVE-2023-5337

🗓️ 20 Oct 2023 08:13:15Reported by [email protected]Type

The WordPress Contact Form For All plugin (CVE-2023-5337) allows stored cross-site scripting via 'formforall' shortcode, enabling authenticated attackers to inject arbitrary web scripts

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2023-5337	20 Oct 202308:15	–	cve
WPVulnDB	Contact form Form For All <= 1.2 - Contributor+ Stored XSS	20 Oct 202300:00	–	wpvulndb
Prion	Cross site scripting	20 Oct 202308:15	–	prion
Cvelist	CVE-2023-5337	20 Oct 202307:29	–	cvelist
Vulnrichment	CVE-2023-5337	20 Oct 202307:29	–	vulnrichment
Patchstack	WordPress Contact form Form For All Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)	2 Oct 202300:00	–	patchstack
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)	12 Oct 202315:22	–	wordfence
Wordfence Blog	Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting	12 Dec 202317:18	–	wordfence

Nvd

Node

formforall formforallRange≤1.2wordpress

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/formforall/trunk/formforall_common.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Oct 2023 08:15Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.4

EPSS0.00127

CWE-79