The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-07-22T06:00:06.064Z
Updated: 2024-08-01T21:33:05.323Z
Reserved: 2024-06-21T13:19:50.613Z
Link: CVE-2024-6243
Vulnrichment
Updated: 2024-08-01T21:33:05.323Z
NVD
Status : Modified
Published: 2024-07-22T06:15:02.663
Modified: 2024-11-21T09:49:16.137
Link: CVE-2024-6243
Redhat
No data.