CVE-2024-6243
July 22, 2024, 1 p.m.
Tags
Product(s) Impacted
WordPress HTML Forms plugin
- before 1.3.33
Description
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
Weaknesses
Date
Published: July 22, 2024, 6:15 a.m.
Last Modified: July 22, 2024, 1 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
contact@wpscan.com
References
contact@wpscan.com