3 matches found
WordPress Simple Basic Contact Form plugin < 20250114 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Simple Basic Contact Form versions 20250114...
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...
CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...