PT-2021-22537 · WordPress · Formidable Form Builder
Published: 2021-10-14 · Updated: 2021-11-17 · CVE-2021-39330
No severity ratings or metrics are available.
Name of the Vulnerable Software and Affected Versions:
Formidable Form Builder WordPress plugin versions up to and including 5.0.06
Description:
The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input validation and sanitization in the ~/classes/helpers/FrmAppHelper.php file. It allows attackers with administrative user access to inject arbitrary web scripts. The issue affects multi-site installations where `unfiltered_html` is disabled for administrators, and sites where `unfiltered_html` is disabled.
Recommendations:
Update the Formidable Form Builder WordPress plugin to a version later than 5.0.06 to resolve the issue.
Affected Products
Formidable Form Builder