5 matches found
CVE-2021-25107
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin...
Cross site scripting
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin...
CVE-2021-25107
The CVE corresponds to the WordPress Form Store to DB plugin prior to version 1.1.1, where the plugin does not sanitize or escape parameter keys before echoing them back into a created entry. This causes unauthenticated stored Cross-Site Scripting (XSS) that can affect site admins. Affected compo...
Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin POST /wp-json/contact-form-7/v1/contact-forms/1337/feedback HTTP/2 Content-Type: multipart/form-data;...
WordPress Form Store to DB plugin <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Yoru Oni in WordPress Form Store to DB plugin versions = 1.1.0. Solution Update the WordPress Form Store to DB plugin to the latest available version at least 1.1.1...