3 matches found
CVE-2023-3645
CVE-2023-3645 affects the WordPress plugin Contact Form Builder by Bit Form (pre-2.2.0). Vulnerability: Stored XSS due to insufficient sanitization/escaping of settings, enabling admin+ attackers to inject scripts even when unfiltered_html is disallowed (e.g., multisite). Affected product/version...
CVE-2023-3645 Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS
The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
WordPress Bit Form – Contact Form Plugin Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions 2.2.0 Fixed in 2.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3645 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b2583fb097cb Credits Dipak Panch...