Inquiry Form To Posts Or Pages
Cross-site request forgery leading to stored cross-site scripting in Inquiry Form to Posts or Pages plugin version 1.0 for WordPress allows unauthenticated attackers to inject arbitrary scripts into administrator settings. The vulnerability stems from missing nonce validation on the settings update handler combined with insufficient input sanitization and output escaping, enabling an attacker to craft a malicious request that, when visited by a logged-in administrator, stores persistent XSS payloads. With a CVSS score of 4.3 and no evidence of public exploitation, this represents a moderate-severity threat requiring administrator interaction.
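The three missing controls named above (nonce validation, input sanitization, output escaping) look like this in a WordPress settings handler. This is an added example, not the plugin's code: the `ifpp_` function names, option key, field name and settings page slug are hypothetical, and it assumes the code runs inside WordPress admin.

```php
<?php
// Added example: every ifpp_* name, the option key and the page slug are
// hypothetical and are not taken from the plugin.

// Render the settings form: emit a nonce and escape the stored value on output.
function ifpp_render_settings_form() {
    $label = get_option( 'ifpp_button_label', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ifpp_save_settings">
        <?php wp_nonce_field( 'ifpp_save_settings', 'ifpp_nonce' ); ?>
        <!-- esc_attr() keeps a stored value from breaking out of the attribute -->
        <input type="text" name="ifpp_button_label" value="<?php echo esc_attr( $label ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. A handler with none of the three checks below is the
// pattern the description above refers to.
function ifpp_save_settings() {
    // 1. Authorization: only users who can manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: a cross-site form cannot supply a valid nonce for this admin's
    //    session, so check_admin_referer() stops the request here.
    check_admin_referer( 'ifpp_save_settings', 'ifpp_nonce' );

    // 3. Input sanitization: strip tags and control characters before storing.
    $raw   = isset( $_POST['ifpp_button_label'] ) ? wp_unslash( $_POST['ifpp_button_label'] ) : '';
    $label = sanitize_text_field( $raw );
    update_option( 'ifpp_button_label', $label );

    wp_safe_redirect( admin_url( 'options-general.php?page=ifpp-settings&updated=1' ) );
    exit;
}
add_action( 'admin_post_ifpp_save_settings', 'ifpp_save_settings' );
```

The nonce check blocks the forged request, while sanitizing on save and escaping on render each independently keep a stored value from executing as script.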