3 matches found
CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24718
Affected software: ARForms Form Builder plugin for WordPress (versions < 1.5). Vulnerability: Stored Cross-Site Scripting (XSS) due to improper sanitization of certain settings, enabling high-privilege users to inject scripts even when unfiltered_html is disallowed. Impact: Cross-site scriptin...
CVE-2021-24718 ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...