CyberSec.Space Logo
Back to CVE Browser

CVE-2021-24513

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile0.49th
PublishedSep 6, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed

Affected Platforms (CPE)

📦
Web Settler

Form Builder

< 1.9.8.4

References & Advisories

🔗 https://wpscan.com/vulnerability/a1dc0ea9-51dd-43c3-bfd9-c5106193aeb6
🔗 https://wpscan.com/vulnerability/a1dc0ea9-51dd-43c3-bfd9-c5106193aeb6

Related Vulnerabilities

CVE-2017-60709.8

CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_fo...

CVE-2015-94529.8

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-form...

CVE-2017-159199.8

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-ad...

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...