CVE-2024-13603: Wise Forms <= 1.2.0 - Unauthenticated Stored XSS

Description

The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.

Classification

CVE ID: CVE-2024-13603

Affected Products

Vendor: Unknown

Product: Wise Forms

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.34% (scored less or equal to compared to others)

EPSS Date: 2025-03-18 (when was this score calculated)

References

https://wpscan.com/vulnerability/234a8d22-e6c6-4819-9ac0-434a96b3462d/

Timeline

2025-02-18 00:30:16 UTC
CVE

Wise Forms <= 1.2.0 - Unauthenticated Stored XSS