CVE-2024-6243

July 22, 2024, 1 p.m.

Product(s) Impacted

WordPress HTML Forms plugin

  • before 1.3.33

Description

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.

Weaknesses

Date

Published: July 22, 2024, 6:15 a.m.

Last Modified: July 22, 2024, 1 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

contact@wpscan.com

References