2 matches found
CVE-2022-1326
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1326
The CVE-2022-1326 entry applies to the WordPress plugin Form - Contact Form, affected up to version 1.2.0 (and 1.2.4 in CNVD/CVE records) where Custom text fields were not sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., admin) when embedding forms. Impact stated as Admin+ St...