4 matches found
CVE-2022-1046
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1046
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1046 Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1046
The CVE-2022-1046 entry concerns the WordPress Visual Form Builder plugin prior to 3.0.7. The vulnerability arises because the plugin does not sanitize and escape the form field labeled 'Email to', enabling stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is dis...