3 matches found
CVE-2024-7056
creationtimestamp| type| source ---|---|--- 2024-11-25 06:17:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113542131773212483...
CVE-2024-7056
CVE-2024-7056 affects WPForms for WordPress (pre-1.9.1.6). The issue is caused by insufficient sanitization/escaping of certain settings, enablingStored XSS by high-privilege users (e.g., Administrator) even when unfiltered_html is disabled (such as in multisite setups). The Red Hat and CVE lists...
CVE-2024-7056 WPForms < 1.9.1.6 - Admin+ Stored XSS
The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...