The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/04cea9aa-b21c-49f8-836b-2d312253e09a | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-17T13:29:58.934Z
Updated: 2023-07-17T13:29:58.934Z
Reserved: 2023-01-23T12:47:50.956Z
Link: CVE-2023-0439
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-17T14:15:09.553
Modified: 2023-11-07T04:00:28.497
Link: CVE-2023-0439
JSON object: View
Redhat Information
No data.
CWE
No CWE.