Cross site scripting

2022-04-0416:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

26.4%

JSON

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.

CPENameOperatorVersion
formbuilderle1.08

CPE	Name	Operator	Version
	formbuilder	le	1.08

References

wpscan.com/vulnerability/114c0202-39f8-4748-ac0d-013d2d6f02f7

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for PRION:CVE-2022-0830