Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting
CVE-2021-24700
4.8MEDIUM
What is CVE-2021-24700?
The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Affected Version(s)
Forminator – Contact Form, Payment Form & Custom Form Builder 1.15.4