RSS   Vulnerabilities for 'Caldera forms'   RSS

2021-12-13
 
CVE-2021-24896

CWE-79
 

 
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

 
2018-04-20
 
CVE-2018-7747

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.

 


Copyright 2024, cxsecurity.com

 

Back to Top