CVE-2022-1647
EUVD-2022-2493408.06.2022, 10:15
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ncrafts | formcraft | 𝑥 < 1.2.6 |
𝑥
= Vulnerable software versions