WordPress · The Super Forms - Drag & Drop Form Builder · CVE-2022-0402
**Name of the Vulnerable Software and Affected Versions**
The Super Forms - Drag & Drop Form Builder WordPress plugin versions prior to 6.0.4
**Description**
The issue is a reflected cross-site scripting (XSS) vulnerability. The `bob czy panstwa sprawa zostala rozwiazana` parameter is not properly escaped before being output in an attribute via the "super language switcher" AJAX action. The action also lacks CSRF protection, which makes it easier for attackers to target any user.
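The pattern described above, shown beside a hardened form. This is an added illustration, not code from the Super Forms plugin; the action name `example_switcher`, the parameter `example_param`, the nonce field `_nonce` and both function names are hypothetical placeholders.

```php
<?php
// Added illustration: hypothetical plugin code, not Super Forms source.
// 'example_switcher', 'example_param' and '_nonce' are placeholder names.

// BEFORE: the pattern the advisory describes.
function example_switcher_vulnerable() {
    // No nonce check, so a cross-site request reaches this handler.
    $value = $_REQUEST['example_param'];
    // Request data is written into an HTML attribute without escaping.
    echo '<div class="switcher" data-value="' . $value . '"></div>';
    wp_die();
}

// AFTER: nonce verification plus escaping for the attribute context.
function example_switcher_hardened() {
    // Terminates the request unless a valid nonce for this action
    // is present in the '_nonce' request field.
    check_ajax_referer( 'example_switcher', '_nonce' );

    // Normalise the input: undo WordPress slashing, strip tags and control characters.
    $value = isset( $_REQUEST['example_param'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['example_param'] ) )
        : '';

    // esc_attr() encodes quotes and angle brackets, so the value
    // cannot close the attribute or open a new element.
    echo '<div class="switcher" data-value="' . esc_attr( $value ) . '"></div>';
    wp_die();
}

// Register only the hardened handler, for logged-in and logged-out users.
add_action( 'wp_ajax_example_switcher', 'example_switcher_hardened' );
add_action( 'wp_ajax_nopriv_example_switcher', 'example_switcher_hardened' );
```

The page that issues the AJAX request would generate the matching token with `wp_create_nonce( 'example_switcher' )` and send it in the `_nonce` field.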
**Recommendations**
For versions prior to 6.0.4, update to version 6.0.4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "super language switcher" AJAX action until a patch is applied.
Avoid using the `bob czy panstwa sprawa zostala rozwiazana` parameter in the affected AJAX endpoint until the issue is resolved.