CVE-2021-24896 in Caldera Forms Plugininformação

Sumário

de MITRE • 13/12/2021

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservar

14/01/2021

Divulgação

13/12/2021

Moderação

aceite

Entrada

VDB-188011

CPE

pronto

EPSS

0.00598

KEV

não

Atividades

muito baixo

Fontes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!