RSS   Vulnerabilities for 'Multi step form'   RSS

2018-07-25
 
CVE-2018-14430

CWE-79
 

 
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top