Lucene search

CVE-2024-6770

🗓️ 31 Jul 2024 06:04:15Reported by [email protected]Type

The VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escapin

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2024-6770	31 Jul 202406:15	–	cve
Vulnrichment	CVE-2024-6770 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting	31 Jul 202405:30	–	vulnrichment
Patchstack	WordPress VForm Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)	31 Jul 202400:00	–	patchstack
Cvelist	CVE-2024-6770 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting	31 Jul 202405:30	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 29, 2024 to August 4, 2024)	8 Aug 202415:35	–	wordfence

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3128092/
wordpress	www.wordpress.org/plugins/v-form/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/61a63ba6-129a-4ce2-be40-89c2fa44a670
plugins	www.plugins.trac.wordpress.org/changeset/3128079/
plugins	www.plugins.trac.wordpress.org/changeset/3128079/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Jul 2024 06:15Current

CVSS37.2

EPSS0.00052

CWE-79