CVE-2024-9528

Summary

CVE-2024-9528 is a vulnerability in the Contact Form Plugin by Fluent Forms for WordPress, affecting all versions up to and including 5.1.19. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with form editing permissions to inject malicious scripts via form label fields. This vulnerability poses a medium-level risk, as it could lead to stored cross-site scripting (XSS) attacks that execute whenever a user accesses the compromised pages. To remediate this vulnerability, users should update the plugin to the latest version that addresses this flaw. Organizations are advised to implement strict access controls and regularly audit plugins for security updates to mitigate potential exploitation risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.