4 matches found
Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Form Customizer: 1. Navigate to...
WordPress WordPress Form Customizer | CF7 Customizer Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Form Customizer | CF7 Customizer; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 3a6ce9d015a7; Credits: Rafie...
WordPress WordPress Form Customizer | CF7 Customizer plugin <= 1.6.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Form Customizer | CF7 Customizer plugin versions <= 1.6.1. Solution: No patched version available...
WordPress WordPress Form Customizer | CF7 Customizer plugin <= 1.6.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Form Customizer | CF7 Customizer plugin versions <= 1.6.1. Solution: No patched version available...