CyberSec.Space Logo
Back to CVE Browser

CVE-2021-24608

MEDIUM
4.8
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile3.70th
PublishedOct 25, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Affected Platforms (CPE)

πŸ“¦
Strategy11

Formidable Form Builder

< 5.0.07

References & Advisories

πŸ”— https://plugins.trac.wordpress.org/changeset/2609911
πŸ”— https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683c
πŸ”— https://plugins.trac.wordpress.org/changeset/2609911
πŸ”— https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683c

Related Vulnerabilities

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2017-201928.3

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted du...

CVE-2017-201945.3

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.0...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...