WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress FormBuilder plugin suffers from a cross-site scripting vulnerability that stems from a failure to perform CSRF checks when creating/updating and deleting forms, and a failure to form field values are cleaned and escaped. An attacker could exploit this vulnerability to perform login management updates and delete arbitrary forms via CSRF attacks and place cross-site scripting payloads into them.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress formbuilder plugin | le | 1.08 |