CVE-2017-18600 — Cross-site Scripting in Formcraft

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 60.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 10

Latest updateMay 24

Description

The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

GHSA

GHSA-2pp4-x986-8w45: The formcraft3 plugin before 3↗2022-05-24

▶

CVEList

CVE-2017-18600: The formcraft3 plugin before 3↗2019-09-10

▶