CVE-2024-3113

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

@briza/air (>=0.1.21 <=0.1.22), @doorons/do-ui (>=1.1.3 <=1.3.6) +7 more potentially affected by CVE-2024-9440 via slim-select (=2.13.1)

slim-select NPM version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on slim-select and may be impacted: - @briza/air =0.1.21, =1.1.3, =0.7.0-beta.2, =0.4.0-beta.8, =4.2.6-alpha.16, =1.0.2, =2.0.0-beta.0, =1.0.9, =2.2.2 Source cves: CVE-2024-94...

CVE-2024-3113

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

CVE-2024-3113 FormFlow < 2.12.2 - Admin+ Stored XSS

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

CVE-2024-3113

The CVE CVE-2024-3113 affects the FormFlow – WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin (pre-2.12.2). The Red Hat advisory and CVE details indicate this issue stems from inadequate sanitisation/escaping of certain plugin settings, enabling Stored XSS by h...

PT-2024-23793 · WordPress · Formflow: Whatsapp Social/Advanced Form Builder With Easy Lead Collection

Name of the Vulnerable Software and Affected Versions: The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin versions prior to 2.12.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, ev...

WordPress FormFlow plugin < 2.12.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dikshita Trivedi Cybersecdexter and Dipak Panchal th3.d1p4k in WordPress Plugin FormFlow versions 2.12.2...

WordPress FormFlow Plugin < 2.12.2 is vulnerable to Cross Site Scripting (XSS)

Software FormFlow Type Plugin Vulnerable versions 2.12.2 Fixed in 2.12.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 05bb1755ee18 Credits Dikshita Trivedi Cybersecdexter...