CVE-2021-24896 in Caldera Forms Pluginالمعلومات

الملخص

بحسب MITRE • 13/12/2021

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

14/01/2021

إفشاء

13/12/2021

الاعتدال

تمت الموافقة

إدخال

VDB-188011

EPSS

0.00598

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!