Caldera · Caldera Forms · CVE-2018-7747
Name of the Vulnerable Software and Affected Versions:
Caldera Forms plugin versions prior to 1.6.0-rc.1
Description:
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved through various vectors, including a greeting message, the email transaction log, or an imported form.
Recommendations:
For Caldera Forms plugin versions prior to 1.6.0-rc.1, update to version 1.6.0-rc.1 or later to resolve the issue.