3 matches found
CVE-2024-12112
creationtimestamp| type| source ---|---|--- 2025-01-08 03:39:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/621 2025-01-08 04:15:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ciujp5l22 2025-01-08 05:46:57+00:00| seen| https://t.me/cvedetector/14649...
CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...
CVE-2024-12112
CVE-2024-12112 (Easy Form Builder for WordPress) Stored Cross-Site Scripting vulnerability in the add_form_Emsfb AJAX action occurs via the name parameter. Affected: Easy Form Builder plugin for WordPress (all versions up to 3.8.8). Root cause: insufficient input sanitization and output escaping ...