3 matches found
CVE-2023-2701
CVE-2023-2701 affects Gravity Forms for WordPress prior to 2.7.5. The issue is that the plugin does not escape generated URLs before outputting them in HTML attributes, causing a Reflected XSS that could target admin/high-privilege users. Remediation: upgrade to Gravity Forms 2.7.5 or later (or a...
CVE-2017-17780
CVE-2017-17780 describes a Reflected XSS in the Clockwork SMS WordPress integration. The vulnerability resides in clockwork-test-message.php and is triggered by a crafted value in the GET parameter to, e.g., wp-admin/admin.php?page=clockwork_test_message. The issue affects multiple plugins that e...
CVE-2017-18495
The connected records confirm CVE-2017-18495 affects the Gravity Forms SMS Notifications plugin for WordPress, with a cross-site scripting (XSS) vulnerability in versions prior to 2.4.0. The issue arises from insufficient validation of client-side data, enabling an attacker to execute client-side...