CVE-2023-3134

low-risk
Published 2023-07-31

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Incsub

References (4)

Exploit https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da
Exploit https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpres...
Exploit https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da
Exploit https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpres...
28
/ 100
low-risk
Severity 23/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal