CVE-2024-6243 Information

Description

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs allowing high-privilege users such as administrators to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.

Reference

https://wpscan.com/vulnerability/f4097877-ba19-4738-a994-9593b9a5a635/