← Back

Flaming Forms

flaming_forms

Vendor: Projectcaruso • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-7692
1Projectcaruso
1Flaming Forms
Jun 17, 2026
Sep 2, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege user...Show more
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less
CVE-2024-7691
1Projectcaruso
1Flaming Forms
Jun 17, 2026
Sep 2, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.