3 matches found
CVE-2023-5955
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5955 Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5955
CVE-2023-5955 affects the WordPress plugin Contact Form Email up to version 1.3.44 . The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling stored XSS via an exploited admin/editor action, including scenarios where the unfiltered_html capability is ...