Medium severity6.5NVD Advisory· Published Apr 4, 2022· Updated Jun 17, 2026
CVE-2022-0830
CVE-2022-0830
Description
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.08
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/114c0202-39f8-4748-ac0d-013d2d6f02f7nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.