cleantalk
Vulnerabilities and Security Researches

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto, CVE-2024-13497

CVE, Research URL

CVE-2024-13497

Home page URL

Security reports for WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Application

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Published on
Mar 15, 2025
Research Description
The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.
Affected versions
Min -, max 8.0.10.
Status
vulnerable
Previous vulnerability researches
Skitter Slideshow (CVE-2022-1751) , Aug 18, 2024
Skitter Slideshow (CVE-2025-28906) , Mar 13, 2025
New vulnerability
GetSocial (CVE-2025-22283) , Mar 16, 2025
WP Test Email (CVE-2025-2325) , Mar 16, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-2025) , Mar 16, 2025
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto (CVE-2025-1530) , Mar 16, 2025
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto (CVE-2024-13497) , Mar 16, 2025