CVE-2024-7692

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Flaming Forms Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7692 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2875f02b2e42 Credits Bob Matyas Required...

CVE-2024-7692

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-38513 · WordPress · Flaming Forms

Name of the Vulnerable Software and Affected Versions: Flaming Forms WordPress plugin versions 1.0.1 and earlier Description: The issue is related to the Flaming Forms WordPress plugin, which does not properly sanitise and escape certain parameters. This could allow unauthenticated users to perfo...