Cyber Posture

CVE-2024-56060

Severity: High
Published: 02 January 2025
Modified: 23 April 2026
KEV Added: not listed
Patch: (not recorded)
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0019 (41.1st percentile)
Risk Priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56060 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 41.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires identifying, reporting, and correcting the specific XSS flaw in the HTML Forms plugin by updating it to a release later than 1.4.1.

SI-10 Information Input Validation (prevent)

Mandates validation of reflected inputs in the HTML Forms plugin to block malicious payloads that enable XSS exploitation.

SI-15 Information Output Filtering (prevent)

Requires filtering and escaping of reflected form outputs to neutralize XSS payloads before they are rendered in users' browsers.
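The two controls above are easy to conflate, so the following added example (not code from the HTML Forms plugin, its vendor, or this page) shows the difference on a reflected parameter. The parameter name `hf_name`, the page markup and the probe payloads are all hypothetical. Three renderers handle the same query string: one reflects the raw value (the CWE-79 pattern), one applies only output escaping (SI-15), and one applies an allowlist (SI-10) before escaping. An HTML-parser probe then checks which renderers leave an executable tag or event handler in the page, which is closer to what a browser does than a substring search.

```python
"""Reflected-parameter handling: vulnerable, escape-only and validated+escaped.

Added example, not HTML Forms plugin code. The parameter name `hf_name` and the
page markup are hypothetical; the payloads are constructed probes.
"""
import html
import re
from html.parser import HTMLParser
from typing import Callable, List, Optional
from urllib.parse import parse_qs

MAX_LEN = 120
# SI-10: allowlist for a person's name; anything else is rejected, never "cleaned up".
NAME_RE = re.compile(r"^[A-Za-z0-9 .'-]+$")


def _param(query: str, name: str = "hf_name") -> str:
    """First value of a query-string parameter, percent-decoded (hypothetical name)."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(query: str) -> str:
    """Reflects the raw value into an attribute and into the body (CWE-79)."""
    name = _param(query)
    return (f'<input type="text" name="hf_name" value="{name}">'
            f"<p>Thanks, {name}</p>")


def render_escape_only(query: str) -> str:
    """SI-15 only: context-aware escaping at the point of output."""
    safe = html.escape(_param(query), quote=True)  # encodes & < > " '
    return (f'<input type="text" name="hf_name" value="{safe}">'
            f"<p>Thanks, {safe}</p>")


def validate_name(raw: str) -> Optional[str]:
    """SI-10: returns the value if it is on the allowlist, else None."""
    if len(raw) > MAX_LEN or not NAME_RE.fullmatch(raw):
        return None
    return raw


def render_hardened(query: str) -> str:
    """SI-10 + SI-15: reject off-allowlist input, escape what is reflected."""
    name = validate_name(_param(query))
    if name is None:
        # Never reflect a rejected value, not even inside the error message.
        return ('<input type="text" name="hf_name" value="">'
                '<p class="error">Invalid name.</p>')
    safe = html.escape(name, quote=True)
    return (f'<input type="text" name="hf_name" value="{safe}">'
            f"<p>Thanks, {safe}</p>")


class InjectionProbe(HTMLParser):
    """Records tags and on* attributes that a browser would actually execute."""

    def __init__(self) -> None:
        super().__init__()
        self.injected: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "img", "svg", "iframe"):
            self.injected.append(tag)
        self.injected.extend(n for n, _ in attrs if n.startswith("on"))


def injected_in(page: str) -> List[str]:
    """Parse the rendered page the way a browser would and list live injections."""
    probe = InjectionProbe()
    probe.feed(page)
    probe.close()
    return probe.injected


# Constructed probe payloads: attribute break-out, attribute injection, tag injection.
PAYLOADS = [
    'hf_name="><script>alert(1)</script>',
    'hf_name=" autofocus onfocus=alert(1) x="',
    "hf_name=<img src=x onerror=alert(1)>",
]


def count_injections(renderer: Callable[[str], str]) -> int:
    """Number of payloads that produce an executable tag or handler in the page."""
    return sum(1 for q in PAYLOADS if injected_in(renderer(q)))


if __name__ == "__main__":
    for r in (render_vulnerable, render_escape_only, render_hardened):
        print(f"{r.__name__:22s} payloads landing: {count_injections(r)}")
    print(render_hardened("hf_name=Ann+O%27Brien"))
```

All three payloads land against the vulnerable renderer and none against the other two, which is the practical point: escaping at output (SI-15) is the control that actually neutralizes reflected XSS, while the allowlist (SI-10) is defense in depth that also keeps the rejected value out of the page entirely. Note that `html.escape(..., quote=True)` is only correct for HTML text and quoted attribute values; a value placed inside a script block or a URL needs a different encoder. In a WordPress plugin the corresponding calls are `sanitize_text_field()` on the way in and `esc_attr()` / `esc_html()` at output.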

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Reflected XSS in publicly accessible WordPress plugin directly enables remote exploitation of a web-facing application without authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
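On the detection side of the T1190 mapping, reflected XSS probing leaves a recognisable trace in web server access logs: percent-encoded (often double-encoded) tags or event handlers in the query string of requests to the site. The scanner below is an added example, not tooling from this page or the plugin vendor. The log lines are constructed (RFC 5737 test addresses) and the `hf_name` parameter is hypothetical; the regexes are a starting point for a detection rule, not a complete signature set.

```python
"""Flag reflected-XSS probing of a WordPress site in access logs.

Added example for the T1190 mapping above; not tooling from the page or the
plugin vendor. The log lines are constructed (RFC 5737 addresses) and the
`hf_name` parameter name is hypothetical.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Checked in order against the percent-decoded query string.
XSS_MARKERS = [
    ("script_tag", re.compile(r"<\s*script", re.I)),
    ("html_tag", re.compile(r"<\s*(img|svg|iframe|body|details)\b", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("js_uri", re.compile(r"javascript\s*:", re.I)),
]


def decode_fully(s: str, rounds: int = 3) -> str:
    """Peel up to `rounds` layers of percent-encoding; probes often double-encode."""
    for _ in range(rounds):
        d = unquote_plus(s)
        if d == s:
            break
        s = d
    return s


def classify(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for an XSS probe, or None for a benign or unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    decoded = decode_fully(parts.query)
    for name, rx in XSS_MARKERS:
        if rx.search(decoded):
            status = int(m.group("status"))
            return {
                "ip": m.group("ip"),
                "path": parts.path,
                "indicator": name,
                "status": status,
                # 200 means the application rendered the request; a WAF block would
                # normally show as 403, so "served" probes are the ones to triage first.
                "served": status == 200,
            }
    return None


def scan(log_text: str) -> List[Dict[str, object]]:
    """All findings in a block of log text, in file order."""
    return [f for f in map(classify, log_text.splitlines()) if f]


# Constructed sample: two probes served with 200, one benign request, one probe
# blocked with 403, and an unrelated admin-ajax POST with no query string.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jan/2025:10:01:02 +0000] "GET /?hf_name=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jan/2025:10:01:05 +0000] "GET /contact/?hf_name=%2522%2520onfocus%253Dalert(1)%2520x%253D%2522 HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Jan/2025:10:02:11 +0000] "GET /contact/?hf_name=Ann+O%27Brien HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Jan/2025:10:03:40 +0000] "GET /?hf_name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 403 0 "-" "curl/8.4.0"
198.51.100.4 - - [03/Jan/2025:10:04:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 32 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The second sample line is the case that defeats single-pass decoders: `%2522` only becomes `"` after two rounds, which is why `decode_fully` iterates. The `served` flag separates probes the application actually rendered from ones a WAF rejected; for a reflected XSS in a page anyone can reach, a served probe followed by requests from other client addresses to the same crafted URL is the pattern that indicates a victim was actually lured.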

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS. This issue affects HTML Forms: from n/a through <= 1.4.1.

Deeper analysis

CVE-2024-56060 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the HTML Forms WordPress plugin developed by Link Software LLC. The flaw affects all versions of the html-forms plugin up to and including 1.4.1. Its CVSS v3.1 base score of 7.1 reflects a network attack vector, low attack complexity, no privileges required, user interaction required, changed scope, and low confidentiality, integrity and availability impact.

An unauthenticated remote attacker exploits the flaw by crafting a URL or form submission whose parameter value the plugin reflects into the generated page without escaping. The attack needs a victim, such as a site visitor or an administrator, to open the attacker's link or submit the prepared form; the payload then runs in that victim's browser within the site's origin. The scope is changed because the impact lands in the user's browser rather than in the vulnerable plugin itself: the script can read and alter the page the victim sees and issue requests with the victim's logged-in session, which is what the low confidentiality, integrity and availability impacts describe.

The Patchstack advisory cited by this entry documents the Reflected XSS in HTML Forms 1.4.1 and is the primary source for remediation details.

Details

CWE(s)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVEs Like This One

CVE-2026-23807 (shared CWE-79)
CVE-2025-27005 (shared CWE-79)
CVE-2025-68520 (shared CWE-79)
CVE-2026-0800 (shared CWE-79)
CVE-2025-26555 (shared CWE-79)
CVE-2025-46199 (shared CWE-79)
CVE-2025-23570 (shared CWE-79)
CVE-2024-56056 (shared CWE-79)
CVE-2025-70038 (shared CWE-79)
CVE-2025-64054 (shared CWE-79)

References