The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are nested within Repeater fields, the validation flow bypasses the state validation mechanism (failed_state_validation()) that would normally prevent tampering with field values. The validate_subfield() method only calls the field's validate() method, which for SingleProduct fields only validates the quantity field and does not check the product name field for tampering. As a result, an attacker can inject arbitrary HTML and JavaScript into the product name field (input .1). This malicious input is then saved to the database without sanitization because sanitize_entry_value() returns raw values when HTML is not expected for the field type. When an administrator views the entry in wp-admin/admin.php?page=gf_entries, the get_value_entry_detail() method outputs the product name without escaping, causing the stored XSS payload to execute in the administrator's browser. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses an entry containing the malicious payload.
Gravity Forms plugin for WordPress versions up to 2.10.0 is vulnerable to unauthenticated stored cross-site scripting (XSS) through insufficient input validation in nested SingleProduct fields within Repeater fields. Attackers can inject arbitrary HTML and JavaScript into product name fields that bypass validation mechanisms and are stored unsanitized in the database.
يؤثر هذا الضعف على مكون Gravity Forms الشهير المستخدم في العديد من مواقع WordPress في المملكة العربية السعودية. يسمح للمهاجمين بحقن أكواد برمجية ضارة في نماذج الويب التي تستخدم حقول المنتج المتداخلة. قد يؤدي هذا إلى سرقة بيانات المستخدمين أو تعطيل الخدمات أو نشر برامج ضارة.
Gravity Forms plugin for WordPress versions up to 2.10.0 is vulnerable to unauthenticated stored cross-site scripting (XSS) through insufficient input validation in nested SingleProduct fields within Repeater fields. Attackers can inject arbitrary HTML and JavaScript into product name fields that bypass validation mechanisms and are stored unsanitized in the database.
Update Gravity Forms plugin to version 2.10.1 or later immediately. Implement Web Application Firewall (WAF) rules to detect and block XSS payloads. Review and sanitize all existing form submissions for malicious content. Disable Repeater fields with SingleProduct nesting until patched. Implement Content Security Policy (CSP) headers to mitigate XSS impact.
قم بتحديث مكون Gravity Forms إلى الإصدار 2.10.1 أو أحدث فوراً. طبق قواعد جدار حماية تطبيقات الويب لكشف حقن النصوص البرمجية. راجع وقم بتنظيف جميع طلبات النماذج الموجودة للتحقق من المحتوى الضار. عطل حقول Repeater مع SingleProduct حتى يتم تطبيق التصحيح. طبق رؤوس سياسة أمان المحتوى (CSP) للتخفيف من تأثير XSS.