CVE-2023-6957

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Mar 13, 2024

Summary

CVE-2023-6957 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Fluent Forms plugin for WordPress, as identified by Fluent Forms plugin for WordPress. The flaw, found in all versions up to and including 5.1.9, stems from insufficient input sanitization and output escaping. Consequently, attackers can inject arbitrary web scripts into pages, causing them to execute whenever a user accesses an injected page. The level of exploitation depends on the user privileges granted by WordPress administrators, which can range from contributor to the default admin level.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t3OL8Q
https://www.cve.org/CVERecord?id=CVE-2023-6957
https://nvd.nist.gov/vuln/detail/CVE-2023-6957

Back to Vulnerability Database

CVE-2023-6957

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations