CVE-2024-3113 in FormFlow Plugininfo

Summary

by MITRE • 07/30/2024

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/31/2025

The vulnerability identified as CVE-2024-3113 affects the FormFlow WordPress plugin, specifically versions prior to 2.12.2, presenting a critical security risk through stored cross-site scripting exploits. This issue stems from insufficient sanitization and escaping of user-provided input within the plugin's settings management functionality. The flaw particularly impacts high-privilege users such as administrators who possess the capability to modify plugin configurations, making it a significant concern for WordPress multisite environments where security controls are more stringent.

The technical nature of this vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in web applications. The plugin fails to properly sanitize data entered through its administrative interface before storing it in the WordPress database, creating a persistent XSS vector that can be triggered when authenticated users view the affected settings. This weakness becomes particularly dangerous in multisite configurations where the unfiltered_html capability is typically restricted to prevent arbitrary HTML injection, yet the vulnerability allows attackers to bypass these protections through carefully crafted malicious input.

The operational impact of CVE-2024-3113 extends beyond simple script execution as it enables attackers with admin-level privileges to potentially escalate their access within the WordPress environment. Once exploited, stored XSS attacks can facilitate session hijacking, data theft, or redirection to malicious sites, particularly when targeting other administrators who may view the compromised plugin settings. The vulnerability's persistence in the database means that the malicious scripts execute every time the affected page is loaded, providing attackers with ongoing access to the compromised system.

Mitigation strategies for this vulnerability primarily involve immediate patching to version 2.12.2 or later, which addresses the sanitization issues in the plugin's input handling mechanisms. Security administrators should also implement additional monitoring of plugin settings modifications and conduct regular security audits of WordPress installations to identify potential exploitation attempts. The ATT&CK framework categorizes this vulnerability under T1548.002, which covers bypassing user access controls through the manipulation of application data, making it particularly relevant for organizations implementing defensive security measures against privilege escalation attacks. Organizations should also consider implementing web application firewalls and content security policies as additional protective measures to mitigate potential exploitation attempts.

Reservation

03/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00310

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!