CVE-2024-13603: Wise Forms <= 1.2.0 - Unauthenticated Stored XSS

Description

The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.

Classification

CVE ID: CVE-2024-13603

Affected Products

Vendor: Unknown

Product: Wise Forms

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 0.11935 (how common is this exploit)

EPSS Date: 2025-03-13 (when was this score calculated)

Timeline

2025-02-18 00:30:16 UTC
CVE

Wise Forms <= 1.2.0 - Unauthenticated Stored XSS