WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent Cross-Site Scripting (XSS) vulnerability.
Authenticated Stored XSS: New Form > Heading > Heading Text input field is vulnerable. The payload will execute when the form is displayed.
CPE | Name | Operator | Version |
---|---|---|---|
formcraft3 | lt | 3.4 |