3 matches found
CVE-2024-11223
The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11223 WPForms < 1.9.2.3 - Admin+ Stored XSS
The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11223
Summary (CVE-2024-11223): The WPForms WordPress plugin, versions prior to 1.9.2.3, fails to sanitise and escape certain settings. This allows high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting (XSS) even when unfiltered_html is disallowed (e.g., multisite). The vulnerabili...