mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
858 B
858 B
CVE-2023-3134
&color=brighgreen)
Description
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
POC
Reference
- https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da
- https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins