Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms 1.3.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 18, 2024

A WordPress plugin called Jotform Online Forms, which allows for easy creation and embedding of contact forms, has a security vulnerability. This vulnerability, known as Stored Cross-Site Scripting, can be found in all versions of the plugin, including the latest version 1.3.1. This is due to inadequate protection of user input and output on certain attributes. This means that someone with contributor-level access or higher can inject harmful code into pages, which will then be executed whenever a user visits that page. It’s possible that CVE-2024-32527 is related to this issue.

Detected in:

Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms fixed vulnerable versions: >= * <= 1.3.1
Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.