CVE-2024-9613

CVE-2024-9613 affects the FormFacade – WordPress plugin for Google Forms. It is a Reflected Cross-Site Scripting vulnerability reachable without authentication, exploitable via the 'userId' and 'publishId' parameters in all versions up to 1.3.6 due to insufficient input sanitization and output es...

WordPress Google Forms plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Google Forms plug...

CVE-2022-3834

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2022-24377 · WordPress · Google Forms

Name of the Vulnerable Software and Affected Versions: Google Forms WordPress plugin versions 0.95 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...