Vulnerabilities > CVE-2021-24596 - Unspecified vulnerability in Itservicejung Youforms-Free-For-Copecart

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

itservicejung

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Vulnerable Configurations

Part	Description	Count
Application	Itservicejung Itservicejung Youforms Free FOR Copecart *	1

References

https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae
https://wpscan.com/vulnerability/b5def0e7-2b4a-43e0-8175-28b28aa2f8ae