WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS
Product
Gravity Forms
Description
Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting) OWASP Top 10 A3: Cross Site Scripting (XSS)