CVE-2024-6243

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.33

Description: The issue allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible because the plugin does not properly sanitize and escape form message inputs, even when the unfiltered html capability is disabled.

Recommendations: For versions prior to 1.3.33, update to version 1.3.33 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high-privilege users to input form messages until the update is applied.