3 matches found
CVE-2024-6770
The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-6770 Lifetime free Drag & Drop Contact Form Builder for WordPress VForm <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting
The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress VForm Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software VForm Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6770 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 84552ffa98ca Credits Artem Polynko Artem Polynko...