23 matches found
PT-2023-31078 · WordPress · Formzu Wp
Name of the Vulnerable Software and Affected Versions: Formzu WP versions 1.6.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicious scripts...
Formzu WP < 1.6.7 - Contributor+ Stored XSS via id
Description The plugin does not validate and escape the ‘id’ parameter, allowing users with the contributor role and above perform Stored XSS attacks...
WordPress Formzu WP Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software Formzu WP Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49160 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b816d29117f3 Credits resecured.io Required privilege Contributor...