Lucene search
K

4 matches found

OSV
OSV
added 2022/05/02 4:15 p.m.4 views

CVE-2022-1046

The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00577EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/02 4:15 p.m.7 views

CVE-2022-1046

The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00577EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/05/02 4:5 p.m.30 views

CVE-2022-1046 Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting

The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00577EPSS
Exploits2References1
CVE
CVE
added 2022/05/02 4:5 p.m.139 views

CVE-2022-1046

The CVE-2022-1046 entry concerns the WordPress Visual Form Builder plugin prior to 3.0.7. The vulnerability arises because the plugin does not sanitize and escape the form field labeled 'Email to', enabling stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is dis...

4.8CVSS4.7AI score0.00577EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder