5 matches found
CVE-2024-10054
creationtimestamp| type| source ---|---|--- 2025-05-20 16:41:01+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17012...
CVE-2024-10054
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Happyforms plugin < 1.26.3 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Happyforms versions 1.26.3...
CVE-2024-10054
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10054
The CVE-2024-10054 entry concerns the WordPress Happyforms plugin (versions before 1.26.3). Affected component: settings sanitization/escaping in the plugin allows high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting, potentially even when unfiltered_html is disallowed (nota...