First published: Thu Mar 16 2023(Updated: )
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Themekraft Post Form Registration Form Profile Form For User Profiles And Content Forms | <=2.7.5 |
Update to 2.7.6 or a higher version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38971 is a stored Cross-Site Scripting (XSS) vulnerability in the ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin.
CVE-2022-38971 has a severity rating of medium, with a CVSS score of 5.4.
CVE-2022-38971 affects versions of the ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin up to and including 2.7.5.
The Common Weakness Enumeration (CWE) for CVE-2022-38971 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Yes, a patch or fix is available for CVE-2022-38971. Please refer to the official reference for more information.