CVE-2021-36821

2023-03-1615:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-36821

unauthenticated

stored xss

wpmu dev forminator

contact form

payment form

custom form builder plugin

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder allows Stored XSS.This issue affects Forminator – Contact Form, Payment Form & Custom Form Builder: from n/a through 1.14.11.

Affected configurations

Vulners

NVD

Node

wpmu_devforminator_–_contact_form\,_payment_form_\&_custom_form_builderRange≤1.14.11

CPENameOperatorVersion
incsub:forminatorincsub forminatorlt1.14.12

CPE	Name	Operator	Version
incsub:forminator	incsub forminator	lt	1.14.12

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "forminator",
    "product": "Forminator – Contact Form, Payment Form & Custom Form Builder",
    "vendor": "WPMU DEV",
    "versions": [
      {
        "changes": [
          {
            "at": "1.14.12",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.14.11",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]