Filtered by vendor Super-forms Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-0402 1 Super-forms 1 Super Forms 2024-11-21 6.1 Medium
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking CSRF, making the attack easier to perform against any user.