WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent Cross-Site Scripting (XSS) vulnerability.
New Form > Heading > Heading Text input field is vulnerable. The payload will execute when the form is displayed.
8bitsec
No
2017-07-26 (about 5 years ago)
2017-08-02 (about 5 years ago)
2021-05-27 (about 1 years ago)