CVE-2024-11934

The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formaloo' shortcode in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2024-11934 Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter

The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible f...

PT-2025-1720 · WordPress · Formaloo Form Maker & Customer Analytics

Name of the Vulnerable Software and Affected Versions: Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress versions up to, and including, 2.1.3.2 Description: The issue is related to Stored Cross-Site Scripting via the address parameter due to insufficient...

WordPress plugin Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Formaloo Form Maker plugin <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via address Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Formaloo Form Maker versions = 2.1.3.2...