2 matches found
CVE-2021-24700
The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2021-24700
CVE-2021-24700 – Forminator WordPress plugin vulnerability : The WordPress Forminator plugin versions before 1.15.4 do not sanitize and escape the email field label, enabling stored Cross-Site Scripting (XSS) by high-privilege users. Affected software: Forminator Form plugin for WordPress; vulner...