The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
2022-10-25T17:15:57.153
2025-05-09T19:15:56.347
Modified
CVSSv3.1: 4.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | tech-banker | contact_bank | ≤ 3.0.30 | Yes |