CVE-2024-1905 Smart Forms < 2.6.96 - Admin+ Stored XSS

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-17910 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.94 Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as...