3 matches found
CVE-2024-6243
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disabled...
CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disabled...
WordPress HTML Forms Plugin < 1.3.33 is vulnerable to Cross Site Scripting (XSS)
Software HTML Forms Type Plugin Vulnerable versions 1.3.33 Fixed in 1.3.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6243 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9d51e0c8f019 Credits Majdeddine Ben Hadj Brahim...