Report
Multiple cross-site scripting (XSS) vulnerabilities in the x-forms-express plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
Score:Unknown
Severity:Unknown
Version: 2.1.0
There is a patch available in v2.1.1 and we strongly recommend you update to this version as soon as possible.
