Published on: 10/14/2021 12:00:00 AM UTC
Last Modified on: 10/14/2021 04:56:00 PM UTC
The Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization in the ~/classes/helpers/FrmAppHelper.php file, which allowed attackers with administrative user access to inject arbitrary web scripts in versions up to and including 5.0.06. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
- CVE-2021-39330 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Formidable - Formidable Form Builder version <= 5.0.06
CVSS3 Score: 5.5 - MEDIUM
| 403 Forbidden | plugins.trac.wordpress.org |
| Vulnerability Advisories - Wordfence | www.wordfence.com |
Thinkland Security Team