WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XWpforms
APPWpforms≤ 1.7.8
Powiązane podatności
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit...
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission paramete...
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordP...
Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Inco...
The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could al...