CVE-2024-4857: FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS

Description

The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Classification

CVE ID: CVE-2024-4857

Problem Types

CWE-79 Cross-Site Scripting (XSS)

Affected Products

Vendor: Unknown

Product: FS Product Inquiry

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 29.23% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4857
https://wpscan.com/vulnerability/bf1b8434-b361-4666-9058-d9f08c09d083/

Timeline

2025-03-28 20:40:18 UTC
CVE

FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS