Lucene search
Chinmay Vishwas DivekarWPEX-ID:DFA21DDE-A9FC-4A35-9602-C3FDE907CA54HistoryAug 29, 2022 - 12:00 a.m.
Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting
2022-08-2900:00:00
Chinmay Vishwas Divekar
241
form builder
admin+
stored
cross-site scripting
exploit
0.001 Low
EPSS
Percentile
24.8%
The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Create/edit a form and put the following payload in the Form name settings: "><script>alert(/XSS/)</script>Related
cvelist
cvelist
CVE-2022-2567 Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting
2022-09-19 14:00:54
prion
prion
Cross site scripting
2022-09-19 14:15:00
nvd
nvd
CVE-2022-2567
2022-09-19 14:15:10
patchstack
patchstack
cve
cve
CVE-2022-2567
2022-09-19 14:15:10
wpvulndb
wpvulndb
Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting
2022-08-29 00:00:00