Login Sign Up

CVE-2024-43313

7.1 HIGH
Cross-Site Scripting

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into FormFacade web pages, which execute in victims' browsers when they visit compromised pages. It affects all WordPress sites using FormFacade plugin versions up to 1.3.2. Attackers can steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • FormFacade WordPress Plugin
Versions: n/a through 1.3.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable FormFacade plugin versions are affected regardless of configuration.

📦 What is this software?

Formfacade by Formfacade

View all CVEs affecting Formfacade →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal administrator session cookies, gain full control of WordPress site, install backdoors, deface website, or steal sensitive user data.

🟠

Likely Case

Attackers steal user session cookies, redirect visitors to malicious sites, or perform limited actions within the compromised user's context.

🟢

If Mitigated

Script execution is blocked by CSP headers or browser XSS filters, limiting impact to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS vulnerabilities are commonly weaponized and require minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/formfacade/wordpress-formfacade-wordpress-plugin-for-google-forms-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find FormFacade and click 'Update Now'. 4. Verify version is 1.3.3 or higher.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable FormFacade plugin until patched version is available

wp plugin deactivate formfacade

Content Security Policy Implementation

all

Add CSP headers to block inline script execution

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) with XSS protection rules
  • Disable FormFacade plugin and use alternative form solutions

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins → FormFacade version

Check Version:

wp plugin get formfacade --field=version

Verify Fix Applied:

Verify FormFacade version is 1.3.3 or higher in WordPress plugins list

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST requests with script tags in parameters
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing <script> tags in query parameters
  • Unusual redirects from FormFacade pages

SIEM Query:

source="web_server_logs" AND ("<script" OR "javascript:" OR "onerror=" OR "onload=") AND uri_path="/wp-content/plugins/formfacade/"

📊 Metadata

CVE ID: CVE-2024-43313
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CWE: CWE-79
Published: August 18, 2024
Last Updated: September 12, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43313, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)