QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24608

Published: Oct 25, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Vendor	Product	Versions
Unknown	Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress	affected `5.0.07 - < 5.0.07`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683c

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2609911

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.