WordPress Plugin Vulnerabilities

1app Business Forms <= 1.0.0 - Author+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users such as author and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
1app-business-forms
No known fix

References

CVE
CVE-2022-44631

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
sk4rl1ghT
Verified
No
WPVDB ID
d6a067eb-7ada-4eed-8404-93f025648aed

Timeline

Publicly Published
2022-11-30 (about 3 years ago)
Added
2023-04-24 (about 3 years ago)
Last Updated
2023-04-24 (about 3 years ago)

Other

Published
Title
Published
2024-08-13
Title
Gutenberg Blocks, Page Builder – ComboBlocks < 2.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block
Published
2025-10-31
Title
Popup addon for Ninja Forms < 3.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2026-03-23
Title
DSGVO snippet for Leaflet Map and its Extensions < 3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute
Published
2025-01-09
Title
Bulk Me Now <= 2.0 - Reflected XSS
Published
2024-12-06
Title
코드엠샵 소셜톡 < 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting