CVE-2018-14430

Published: 2018-07-25T23:29Z

Last Modified: 2024-11-21T03:49Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt