PT-2024-10601 · WordPress · Formidable Form Builder

Published: 2024-10-16 · Updated: 2025-12-23 · CVE-2017-20192

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Formidable Form Builder plugin for WordPress versions prior to 2.05.03

Description: Insufficient input sanitization and output escaping of multiple parameters submitted during form entries, such as the after html parameter, allows unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. This enables Stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 2.05.03, update to version 2.05.03 or later to resolve the issue. As a temporary workaround, consider restricting access to form entries or disabling the submission of parameters like after html until a patch is applied.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2017-20192

Affected Products: Formidable Form Builder