The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin
CPE | Name | Operator | Version |
---|---|---|---|
form_store_to_db | lt | 1.1.1 |