CVE-2023-4950 – Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2023-4950

18 Sep 2023 — The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks El complemento Interactive Contact Form and Multi Step Form Builder de WordPress anterior a 3.4 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting The Funnelforms Free plugin for WordPress is vulnerable to Stored Cros... • https://wpscan.com/vulnerability/73db1ee8-06a2-41b6-b287-44e25f5f2e58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •