Lucene search
WPScanCVELIST:CVE-2023-5119HistoryNov 20, 2023 - 6:55 p.m.
CVE-2023-5119 Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
2023-11-2018:55:11
WPScan
www.cve.org
2
cve-2023-5119
forminator pro
admin+
stored cross-site scripting
wordpress plugin
vulnerability
EPSS
0
Percentile
14.0%
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CNA Affected
[
{
"vendor": "Unknown",
"product": "Forminator",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.27.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
2023-10-27 00:00:00
prion
prion
Code injection
2023-11-20 19:15:00
openvas
openvas
WordPress Forminator Plugin < 1.27.0 XSS Vulnerability
2023-11-21 00:00:00
cve
cve
CVE-2023-5119
2023-11-20 19:15:09
nvd
nvd
CVE-2023-5119
2023-11-20 19:15:09
wpvulndb
wpvulndb
Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
2023-10-27 00:00:00