Lucene search

PatchstackCVE-2021-36821

HistoryMar 16, 2023 - 3:15 p.m.

CVE-2021-36821

2023-03-1615:15:10

CWE-79

Patchstack

web.nvd.nist.gov

cve-2021-36821

unauthenticated

stored xss

wpmu dev forminator

contact form

payment form

custom form builder plugin

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

31.2%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

incsubforminatorRange<1.14.12wordpress

VendorProductVersionCPE
incsubforminator*cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
incsub	forminator	*	cpe:2.3:a:incsub:forminator::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "forminator",
    "product": "Forminator",
    "vendor": "WPMU DEV",
    "versions": [
      {
        "changes": [
          {
            "at": "1.14.12",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.14.11",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/forminator/wordpress-forminator-plugin-1-14-11-stored-cross-site-scripting-xss-vulnerability?_s_id=cve