Lucene search
WPScanCVELIST:CVE-2021-25107HistoryFeb 14, 2022 - 9:20 a.m.
CVE-2021-25107 Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
2022-02-1409:20:51
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
31.8%
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin
CNA Affected
[
{
"product": "Form Store to DB",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-25107
2022-02-14 12:15:15
wpvulndb
wpvulndb
Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
2022-01-17 00:00:00
wpexploit
wpexploit
Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
2022-01-17 00:00:00
nvd
nvd
CVE-2021-25107
2022-02-14 12:15:15
patchstack
patchstack
prion
prion
Cross site scripting
2022-02-14 12:15:00
cnvd
cnvd
WordPress Form Store to DB plugin cross-site scripting vulnerability
2022-02-16 00:00:00