CVE-2018-14430

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.
Configurations

Configuration 1

cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*

Information

Published : 2018-07-25 11:29

Updated : 2018-09-20 12:08


NVD link : CVE-2018-14430

Mitre link : CVE-2018-14430

Products Affected
No products.
CWE