The Forminator WordPress plugin... CVE-2023-5119

- AV AC AU C I A
发布: 2023-11-20
修订: 2023-11-27

The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

0%
暂无可用Exp或PoC
当前有1条受影响产品信息