2 matches found
CVE-2023-4950 Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting
The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-4950
CVE-2023-4950 affects the WordPress plugin Interactive Contact Form and Multi Step Form Builder (Funnelforms Free) prior to version 3.4. The issue is an unauthenticated stored Cross-Site Scripting (XSS) caused by insufficient sanitization/escaping of certain parameters, enabling an attacker to in...