The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
History

Fri, 30 May 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Devsabbirahmed
Devsabbirahmed simple Form
Weaknesses CWE-79
CPEs cpe:2.3:a:devsabbirahmed:simple_form:*:*:*:*:*:wordpress:*:*
Vendors & Products Devsabbirahmed
Devsabbirahmed simple Form

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-07-30T06:00:06.437Z

Updated: 2024-08-01T19:32:42.701Z

Reserved: 2024-03-29T22:00:02.137Z

Link: CVE-2024-3113

cve-icon Vulnrichment

Updated: 2024-08-01T19:32:42.701Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-30T06:15:02.337

Modified: 2025-05-30T16:55:02.807

Link: CVE-2024-3113

cve-icon Redhat

No data.