Lucene search
China National Vulnerability DatabaseCNVD-2022-68899HistoryApr 07, 2022 - 12:00 a.m.
WordPress FormBuilder plugin cross-site scripting vulnerability
2022-04-0700:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.001 Low
EPSS
Percentile
26.4%
WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress FormBuilder plugin suffers from a cross-site scripting vulnerability that stems from a failure to perform CSRF checks when creating/updating and deleting forms, and a failure to form field values are cleaned and escaped. An attacker could exploit this vulnerability to perform login management updates and delete arbitrary forms via CSRF attacks and place cross-site scripting payloads into them.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress formbuilder plugin | le | 1.08 |
Related
prion
prion
Cross site scripting
2022-04-04 16:15:00
cvelist
cvelist
CVE-2022-0830 FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
2022-04-04 15:35:50
cve
cve
CVE-2022-0830
2022-04-04 16:15:09
wpvulndb
wpvulndb
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
2022-03-08 00:00:00
nvd
nvd
CVE-2022-0830
2022-04-04 16:15:09
wpexploit
wpexploit
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
2022-03-08 00:00:00