cleantalk
Vulnerabilities and Security Researches

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto, CVE-2024-10260

CVE, Research URL

CVE-2024-10260

Home page URL

Security reports for WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Application

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Published on
Nov 15, 2024
Research Description
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file.
Affected versions
Min -, max 8.0.6.
Status
vulnerable
Previous vulnerability researches
Labinator Content Types Duplicator (CVE-2025-31809) , Apr 03, 2025
Theme Duplicator (CVE-2025-31845) , Apr 03, 2025
WP Bulk Post Duplicator (CVE-2025-28884) , Mar 13, 2025
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
Theme File Duplicator (CVE-2025-27283) , Feb 27, 2025
New vulnerability
Admin and Site Enhancements (ASE) (CVE-2024-43333) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2024-4367) , May 07, 2025
Import any XML or CSV File to WordPress (CVE-2014-2054) , May 07, 2025
WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce (CVE-2024-12321) , May 07, 2025