2 matches found
CVE-2020-10385
CVE-2020-10385 describes a stored cross-site scripting (XSS) vulnerability in the WordPress plugin WPForms Lite (wpforms-lite) before version 1.5.9. The root cause is insufficient validation/sanitization of user input in the Form Description and Field Description fields, enabling injected scripts...
CVE-2024-11273
CVE-2024-11273 affects the WordPress plugin "Contact Form & SMTP Plugin for WordPress by PirateForms" prior to version 2.6.0. The issue is due to insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admin), even when unfiltere...