CVE: CVE-2024-7056

Descrizione: The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vettore di attacco

Riferimenti esterni

• https://wpscan.com/vulnerability/467af13e-25bd-425c-929d-5dd06e28d595/

Prodotti interessati

• Unknown – WPForms

Relazioni con altri prodotti

Produttore:Unknown
Prodotto: WPForms
Anno: 2024
CWE:
CVSS: 0.0