WordPress Plugin Vulnerabilities

Caldera Forms < 1.6.0 - Multiple Cross-Site Scripting (XSS)

Description

The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Multiple Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
caldera-forms
Fixed in 1.6.0

References

CVE
CVE-2018-7747
URL
https://packetstormsecurity.com/files/#147257/
URL
https://calderaforms.com/updates/caldera-forms-1-6-0/
URL
https://plugins.trac.wordpress.org/changeset/1847868/caldera-forms

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
472c8d78-6382-4557-9669-9cda0709d83c

Timeline

Publicly Published
2018-04-26 (about 8 years ago)
Added
2018-04-26 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-08-11
Title
Kangu para WooCommerce < 2.2.10 - Reflected XSS
Published
2025-08-14
Title
Essential Addons for Elementor < 6.2.3 - Contributor+ DOM-Based Stored XSS
Published
2024-07-06
Title
Floating Social Media Links <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-12-02
Title
Advanced Element Bucket Addons for Elementor <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-08-28
Title
Duplicate Page < 4.4.3 - Admin+ Stored Cross-Site Scripting