4 matches found
WordPress Caldera Forms Plugin < 1.9.5 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:calderaforms:calderaforms"; ifdescription...
CVE-2021-24896
creationtimestamp| type| source ---|---|--- 2021-12-13 14:24:12+00:00| seen| https://t.me/cibsecurity/33815...
CVE-2021-24896 Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24896
The CVE-2021-24896 entry concerns the WordPress Caldera Forms plugin prior to 1.9.5. The vulnerability arises because the plugin fails to sanitise and escape the Form Name before outputting it in HTML attributes, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_htm...