Vulnerability Details CVE-2018-7747
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.3%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/147257/WordPress-Caldera-Forms-1.5.9.1-Cross-Site-Scripting.html
- https://calderaforms.com/2018/03/caldera-forms-1-6-is-here/
- https://calderaforms.com/updates/caldera-forms-1-6-0/#security
- https://wordpress.org/plugins/caldera-forms/#developers
- https://www.exploit-db.com/exploits/44489/
- http://packetstormsecurity.com/files/147257/WordPress-Caldera-Forms-1.5.9.1-Cross-Site-Scripting.html
- https://calderaforms.com/2018/03/caldera-forms-1-6-is-here/
- https://calderaforms.com/updates/caldera-forms-1-6-0/#security
- https://wordpress.org/plugins/caldera-forms/#developers
- https://www.exploit-db.com/exploits/44489/
Products affected by CVE-2018-7747
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.0
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.4
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.6
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.7
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.8
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.9
-
cpe:2.3:a:calderalabs:caldera_forms:1.0.91
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.0
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.10
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.4
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.6
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.7
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.8
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.10
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.4
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.6
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.7
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.8
-
cpe:2.3:a:calderalabs:caldera_forms:1.1.9.9
-
cpe:2.3:a:calderalabs:caldera_forms:1.2.0
-
cpe:2.3:a:calderalabs:caldera_forms:1.2.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.2.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.2.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.0
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.0.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.0.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.1.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.2.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.3.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.4.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.4.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.5.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.5.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.3.5.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.0
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.3.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.4
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.4.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.5.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.6
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.7
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.8
-
cpe:2.3:a:calderalabs:caldera_forms:1.4.9
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.1-3
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.10
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.4
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.6
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.7
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.8
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.0.9
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.2.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.3
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.3.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.4
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.5
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.6
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.6.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.6.2
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.7
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.7.1
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.8
-
cpe:2.3:a:calderalabs:caldera_forms:1.5.9