WordPress Plugin Vulnerabilities

Live Forms < 1.3.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

Form input fields on the blog front end are not properly sanitised. The unsanitised user input will be displayed in "WordPress Admin > Form entries".

Screenshots:

http://imgur.com/Oflsb3n
http://imgur.com/jHaZR5O

Affects Plugins

Plugin icon
liveforms
Fixed in 1.3.0

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
SecuBeastTeam
Verified
No
WPVDB ID
c341aee2-fc2d-4b5f-8cc4-6e92d699e8d5

Timeline

Publicly Published
2014-12-19 (about 11 years ago)
Added
2014-12-19 (about 11 years ago)
Last Updated
2019-09-09 (about 6 years ago)

Other

Published
Title
Published
2011-09-27
Title
Atahualpa < 3.6.8 - XSS
Published
2025-12-31
Title
Logo Slider , Logo Carousel , Logo showcase , Client Logo <= 1.8.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2025-06-25
Title
GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-26
Title
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.1 - Reflected Cross-Site Scripting
Published
2023-08-28
Title
Easy Coming Soon <= 2.3 - Admin+ Stored XSS