Multiple WordPress Forminator Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-31857 CVSS:6.1

Forminator Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to execute a script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2024-31077 CVSS:7.2

Forminator Plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to view, add, modify or delete information in the back-end database.

Impact

Cross-Site Scripting
Data Manipulation

Indicators of Compromise

CVE

CVE-2024-31857
CVE-2024-31077

Affected Vendors

WordPress

Affected Products

Forminator Plugin for WordPress

Remediation

Upgrade to the latest version of Plugin for WordPress, available from the WordPress Plugin Website.

WordPress Plugin Website

Turning Threats into Opportunities: Leveraging Threat Intelligence for Business Advantage

ICS: Delta Electronics CNCSoft-G2 DOPSoft Vulnerability

Multiple WordPress Forminator Plugins Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan