CVE-2024-47624
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
BSK Forms Blacklist plugin ≤3.8.1 suffers from a reflected XSS vulnerability via improper input neutralization, allowing script injection if a privileged user interacts with a crafted link.
The BSK Forms Blacklist plugin for WordPress versions from n/a through 3.8.1 contains a reflected cross-site scripting (XSS) vulnerability. This is caused by improper neutralization of user input during web page generation, enabling an attacker to inject arbitrary scripts into a page.
Exploitation requires user interaction: a privileged user (such as an administrator) must click a malicious link, visit a crafted page, or submit a specially prepared form. The attacker does not need prior authentication but relies on tricking an authenticated user into performing the action [1].
If successfully exploited, the injected script could perform actions like redirecting visitors, displaying advertisements, or injecting other HTML payloads into the site, potentially compromising the integrity of the site's content for all visitors [1].
The vulnerability has been patched in version 3.9 of the plugin. Users are advised to update immediately. Patchstack has also issued a mitigation rule to block attacks until the update can be applied [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=3.8.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.