First published: Mon Nov 28 2022(Updated: )
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Forms Project Google Forms | <=0.95 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Google Forms WordPress plugin vulnerability is CVE-2022-3834.
The severity of CVE-2022-3834 is medium with a CVSS score of 4.8.
The affected software for CVE-2022-3834 is the Google Forms WordPress plugin up to version 0.95.
CVE-2022-3834 is a Stored Cross-Site Scripting (XSS) vulnerability.
High privilege users, such as admin, can exploit CVE-2022-3834 to perform Stored Cross-Site Scripting (XSS) attacks.