Back
WordPress Forminator plugin <= 1.5.4 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability
- Product
- Forminator
- Description
- Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability found by Tim Coen in WordPress Forminator plugin (versions <= 1.5.4).
- Solution
- Update the WordPress Forminator plugin to the latest available version (at least 1.6).
- Classification
-
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- References
-
Plugin changelog
- CVE
- Name CVE-N/A
- Versions
-
Affected In
<= 1.5.4
Fixed In 1.6
- Disclosure date
- 2019-02-06
- Credits
- Tim Coen
- Submitter
- ThreatPress