2 matches found
CVE-2017-18600
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form Heading Heading Text" field...
CVE-2017-18600
The CVE-2017-18600 entry describes a stored XSS vulnerability in the FormCraft3 WordPress plugin prior to version 3.4, specifically via the New Form > Heading > Heading Text field. The root cause is insufficient validation/ sanitization of client-side data, allowing injected script to run w...