WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

Software Happyforms Type Plugin Vulnerable versions = 1.25.9 Fixed in 1.25.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48752 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 31f86188864b Credits Le Ngoc Anh Required privilege...

CVE-2023-0096

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0096

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0096 Happyforms < 1.22.0 - Contributor+ Stored XSS

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0096 Happyforms < 1.22.0 - Contributor+ Stored XSS

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Plugin Happyforms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Happyforms < 1.22.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Exploit Additional CSS classes for "Forms" Gutenberg...

Happyforms < 1.22.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Forms" Gutenbe...

WordPress Happyforms Plugin < 1.22.0 is vulnerable to Cross Site Scripting (XSS)

Software Happyforms Type Plugin Vulnerable versions 1.22.0 Fixed in 1.22.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0096 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d99bfc7fc4ba Credits Lana Codes Required...