CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-24608

MEDIUM
4.8
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile3.70th
Published2021年10月25日
Last Modified2024年11月21日

Vulnerability Description

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Affected Platforms (CPE)

📦
Strategy11

Formidable Form Builder

< 5.0.07

References & Advisories

🔗 https://plugins.trac.wordpress.org/changeset/2609911
🔗 https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683c
🔗 https://plugins.trac.wordpress.org/changeset/2609911
🔗 https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683c

相关漏洞威胁

CVE-2021-248849.6

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<...

CVE-2017-201928.3

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted du...

CVE-2017-201945.3

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.0...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...