CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-20192

HIGH
8.3
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile11.50th
Published2024年10月16日
Last Modified2025年12月23日

Vulnerability Description

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.

Affected Platforms (CPE)

📦
Strategy11

Formidable Form Builder

< 2.05.03

References & Advisories

🔗 https://klikki.fi/adv/formidable.html
🔗 https://wordpress.org/plugins/formidable/#developers
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/900fcaab-2424-4ae8-af18-95659db0dbe3?source=cve

相关漏洞威胁

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2017-201945.3

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.0...

CVE-2021-246084.8

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and es...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-20192 Detail & Impact Analysis | CVSS 8.3 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space