VYPR
Unrated severityNVD Advisory· Published Aug 16, 2021· Updated Aug 3, 2024

Form Maker < 1.13.60 - Authenticated Stored XSS

CVE-2021-24526

Description

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.