3 matches found
CVE-2024-11272
creationtimestamp| type| source ---|---|--- 2025-03-25 06:23:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8614...
CVE-2024-11272
CVE-2024-11272 affects the WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms (versions before 2.6.0). The root cause is lack of sanitization and escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed ...
CVE-2024-11272 Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...