ThreatPress

WordPress Vulnerabilities Database

Back

WordPress A Forms Plugin <= 1.4.0 - Cross Site Scripting

Product
A Forms
Description
This plugin is prone to a cross site scripting vulnerability via: a-forms.php add_field_to_section function multiple parameter, a-forms.php a_form_initial_page function multiple parameter, a-forms.php a_form_page function multiple parameter, a-forms.php a_form_section_page Function message parameter, a-forms.php a_form_tracking_page function multiple parameter, a-forms.php aform_css_file_selector() Function css_file_selection parameter, a-forms.php a_form_shortcode function multiple parameter.
Solution
Upgrade this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Secunia
CVE
Name CVE-N/A
Versions
Affected In <= 1.4.0
Fixed In 1.4.1
Disclosure date
2015-05-15