2 matches found
PT-2023-31078 · WordPress · Formzu Wp
Name of the Vulnerable Software and Affected Versions: Formzu WP versions 1.6.6 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts...
Formzu WP < 1.6.7 - Contributor+ Stored XSS via id
Description: The plugin does not validate and escape the ‘id’ parameter, allowing users with the contributor role and above to perform Stored XSS attacks...