WordPress Form Store to DB plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Form Store to DB plugin...

CVE-2021-25107

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin...

Cross site scripting

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin...

CVE-2021-25107

The CVE corresponds to the WordPress Form Store to DB plugin prior to version 1.1.1, where the plugin does not sanitize or escape parameter keys before echoing them back into a created entry. This causes unauthenticated stored Cross-Site Scripting (XSS) that can affect site admins. Affected compo...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Form Store to DB plugin...

WordPress Form Store to DB plugin <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Yoru Oni in WordPress Form Store to DB plugin versions = 1.1.0. Solution Update the WordPress Form Store to DB plugin to the latest available version at least 1.1.1...

Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin POST /wp-json/contact-form-7/v1/contact-forms/1337/feedback HTTP/2 Content-Type: multipart/form-data;...