2 matches found
CVE-2023-2701
CVE-2023-2701 affects Gravity Forms for WordPress prior to 2.7.5. The issue is that the plugin does not escape generated URLs before outputting them in HTML attributes, causing a Reflected XSS that could target admin/high-privilege users. Remediation: upgrade to Gravity Forms 2.7.5 or later (or a...
CVE-2017-18495
The connected records confirm CVE-2017-18495 affects the Gravity Forms SMS Notifications plugin for WordPress, with a cross-site scripting (XSS) vulnerability in versions prior to 2.4.0. The issue arises from insufficient validation of client-side data, enabling an attacker to execute client-side...