CVE-2021-24526

Name of the Vulnerable Software and Affected Versions The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin versions prior to 1.13.60

Description The issue is related to an authenticated Stored Cross-Site Scripting problem. It occurs because the Form Title is not properly escaped before being outputted in an attribute when editing a form in the admin dashboard. This allows for malicious scripts to be stored and executed.

Recommendations For versions prior to 1.13.60, update to version 1.13.60 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation.