Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder, CVE-2024-9651

CVE, Research URL: CVE-2024-9651
Home page URL: Security reports for Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Application: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Published on: Dec 09, 2024
Research Description: The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max 5.2.1.
Status: vulnerable

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag &amp; Drop WP Form Builder, CVE-2024-9651