2 matches found
CVE-2024-9651
creationtimestamp| type| source ---|---|--- 2024-12-09 06:02:35+00:00| seen| https://infosec.exchange/users/cve/statuses/113621346222099578 2024-12-09 08:00:17+00:00| seen| https://t.me/cvedetector/12364...
CVE-2024-9651 Contact Form Plugin by Fluent Forms < 5.2.1 - Admin+ Stored XSS
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...