CVE-2021-24513

The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed
References
Configurations

Configuration 1

cpe:2.3:a:web-settler:form_builder:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-09-06 11:15

Updated : 2021-09-09 09:08


NVD link : CVE-2021-24513

Mitre link : CVE-2021-24513

Products Affected
No products.
CWE