Security Advisory

CVE-2022-23179

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-16 15:52:09

Last updated 2026-01-09 21:03:33

Assigner WPScan

State PUBLISHED

Description

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

← Browse all CVEs View on cve.org ↗