CVE-2022-38971

Name of the Vulnerable Software and Affected Versions ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin versions <= 2.7.5

Description The issue is a Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, which will be executed by the user's browser. The vulnerability is present in the ThemeKraft Post Form plugin, which is used for user profiles and content submissions.

Recommendations For ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin versions <= 2.7.5, update to a version higher than 2.7.5 to resolve the issue. At the moment, there is no information about additional mitigation measures.