cleantalk
Vulnerabilities and Security Researches

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto, CVE-2024-10260

CVE, Research URL

CVE-2024-10260

Home page URL

Security reports for WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Application

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Published on
Nov 15, 2024
Research Description
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file.
Affected versions
Min -, max 8.0.6.
Status
vulnerable
Previous vulnerability researches
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
New vulnerability
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2025-1986) , May 07, 2025
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2024-13803) , May 07, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2022-4974) , May 07, 2025
Admin and Site Enhancements (ASE) (CVE-2024-43333) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025