CVE Published: 16/01/2024 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: WPScan |
Vendor: Unknown |
Product: Contact Form & Lead Form Elementor Builder Status : PUBLISHED
CVE-2022-23179 Description
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed