The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed
CPE | Name | Operator | Version |
---|---|---|---|
profile_builder | lt | 3.6.8 |