The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NBrainstormforce Sureforms
APPBrainstormforce< 1.4.4
Related vulnerabilities
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Inje...
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it bac...
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settin...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exp...