PT-2026-31049
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input .4 in all versions up to, and including, 2.9.30. This is due to the get value entry detail method in the GF Field CreditCard class outputting the card type...