3 matches found
CVE-2021-24907
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24907
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24907
CVE-2021-24907 affects the WordPress Everest Forms plugin (versions before 1.8.0). The issue is a Reflected Cross-Site Scripting vulnerability caused by the plugin failing to escape the status parameter before outputting it in an attribute. Impact is XSS in contexts using that parameter; exploita...