CVE-2024-45625: 
WordPress vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Forminator, a WordPress plugin, affecting versions prior to 1.34.1. The vulnerability was disclosed on September 9, 2024, and assigned identifier CVE-2024-45625. The vulnerability affects the web form functionality of Forminator, a popular form builder plugin provided by WPMU DEV (JVN Advisory, NVD).

The vulnerability exists in the way Forminator processes information from URLs when embedding it into web forms. The improper processing of this embedded information leads to a cross-site scripting vulnerability (CWE-79). The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity and requiring user interaction (NVD).

When exploited, this vulnerability allows an attacker to execute arbitrary scripts in the web browser of users who follow a crafted URL and access a webpage containing a web form created with Forminator. This could potentially lead to theft of sensitive information or manipulation of the user's browser session (JVN Advisory).

Users are advised to update their Forminator plugin to version 1.34.1 or later, which contains the fix for this vulnerability. Additionally, it is recommended to rebuild any previously created web forms according to the information provided by the developer (JVN Advisory).