CVE-2023-5119

Name of the Vulnerable Software and Affected Versions Forminator WordPress plugin versions prior to 1.27.0

Description The issue arises from improper sanitization of the redirect-url field in form submission settings. This could allow high-privilege users, such as administrators, to inject arbitrary web scripts, even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations For versions prior to 1.27.0, update to version 1.27.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the form submission settings to minimize the risk of exploitation.