CVE-2024-45625

low-risk

Published 2024-09-09

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Forminator

Affected Vendors

Incsub

References (4)

Third Party Advisory https://jvn.jp/en/jp/JVN65724976/

Patch https://plugins.trac.wordpress.org/changeset?new=3135507%40forminator%2Ftrunk%2F...

Product https://wordpress.org/plugins/forminator/

Product https://wpmudev.com/

/ 100

low-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal