3 matches found
CVE-2024-10560
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10560
CVE-2024-10560 affects the WordPress plugin Form Maker by 10Web, specifically versions before 1.15.30. The issue is a failure to sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). The ...
CVE-2024-10560 Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...