CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24718 – ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-24718
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Contact Form, Survey & Popup Form para WordPress versiones anteriores a 1.5, no sanea correctamente algunos de sus ajustes, permitiendo a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html está deshabilitada The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/60c9d78f-ae2c-49e0-aca3-6dce1bd8f697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •