A medium-severity vulnerability, CVE-2024-11223, was detected in versions of the WPForms WordPress plugin prior to 1.9.2.3. It allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disabled (e.g., in multisite setups). To address this issue, users should upgrade to version 1.9.2.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11223.
WordPress: Stored XSS Vulnerability in WPForms Plugin
by the Hossted team
26.12.2024