CVE-2021-24907: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 21, 2021 (updated December 27, 2021)

The Contact Form, Drag and Drop Form Builder for WordPress plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

References

nvd.nist.gov/vuln/detail/CVE-2021-24907
wpscan.com/vulnerability/56dae1ae-d5d2-45d3-8991-db69cc47ddb7

Code Behaviors & Features

Detect and mitigate CVE-2021-24907 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →