CVE-2024-6703

🗓️ 27 Jul 2024 13:15:09Reported by [email protected]Type

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This allows attackers to inject arbitrary web scripts

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-6703	27 Jul 202415:47	–	circl
CNNVD	WordPress plugin Contact Form Plugin 安全漏洞	27 Jul 202400:00	–	cnnvd
CVE	CVE-2024-6703	27 Jul 202412:30	–	cve
Cvelist	CVE-2024-6703 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields	27 Jul 202412:30	–	cvelist
EUVD	EUVD-2024-47747	3 Oct 202520:07	–	euvd
Patchstack	WordPress FluentForm plugin <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability	18 Feb 202608:19	–	patchstack
Positive Technologies	PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms	27 Jul 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-6703	23 May 202507:59	–	redhatcve
Vulnrichment	CVE-2024-6703 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields	27 Jul 202412:30	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 22, 2024 to July 28, 2024)	1 Aug 202414:18	–	wordfence

NVD

Node

fluentforms contact_formRange<5.1.20wordpress

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/69dc9236-8079-434f-b2b5-060a0c5eba46
plugins	www.plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FluentConversational/Classes/Elements/WelcomeScreen.php
plugins	www.plugins.trac.wordpress.org/changeset/3125227/

10 Feb 2025 16:13Current

CVSS 3.14.9 - 5.4

EPSS0.00304

CWE-79