CVE-2021-24608

Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting

EPSS 0.7%CWE-79

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 out 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Produtos afetados

Unknown · Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://plugins.trac.wordpress.org/changeset/2609911 https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683c