3 matches found
CVE-2022-1647
creationtimestamp| type| source ---|---|--- 2022-06-08 14:42:37+00:00| seen| https://t.me/cibsecurity/43989...
CVE-2022-1647
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1647
CVE-2022-1647 affects the WordPress FormCraft Basic plugin (versions before 1.2.6). The root cause is failure to sanitize/escape Field Labels, enabling stored XSS by high-privilege users (e.g., admins) when saving labels. Exploitation results in JavaScript execution in pages/posts that embed the ...