
Davide Taraschi

#26576 of 53,635
9.7 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-9448
4.9
2022-02-28
WordPress · The Contact Forms - Drag & Drop Contact Form Builder · CVE-2021-24689
**Name of the Vulnerable Software and Affected Versions**
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin versions 1.0.0 through 1.0.5

**Description**
The issue allows high-privilege users to download arbitrary files from the web server via a path traversal attack.

**Recommendations**
For The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin versions 1.0.0 through 1.0.5, update to a version later than 1.0.5 to resolve the issue.
PT-2021-16177
4.8
2021-11-08
WordPress · Wpschoolpress · CVE-2021-24664
**Name of the Vulnerable Software and Affected Versions**
WPSchoolPress WordPress plugin versions prior to 2.1.17

**Description**
The issue is a Stored Cross-Site Scripting vulnerability: some fields are sanitized using `sanitize_text_field()` but are not properly escaped before being output in attributes.

**Recommendations**
For versions prior to 2.1.17, update to version 2.1.17 or later to resolve the issue.