2 matches found
CVE-2023-3501 FormCraft < 1.2.7 - Admin+ Stored XSS
The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3501
CVE-2023-3501 affects the FormCraft WordPress plugin prior to 1.2.7. The issue is insufficient sanitisation/escaping of certain settings, enabling a Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Reported impact is stored XSS with...