3 matches found
CVE-2022-1564
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1564 Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1564
CVE-2022-1564 concerns the WordPress Form Maker by 10Web plugin (pre-1.14.12) where the Custom Text settings are not sanitized/escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) when unfiltered_html is disallowed. Impact described in multiple sources includes an ...