Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Tripetto plugin (versions <= 5.1.4).
Update the WordPress Tripetto plugin to the latest available version (at least 5.2.0).
CPE | Name | Operator | Version |
---|---|---|---|
wordpress form builder plugin for contact forms, surveys and quizzes – tripetto | le | 5.1.4 |