VYPR

formbuilder

by WordPress

CVEs (3)

  • CVE-2022-0830MedApr 4, 2022
    risk 0.42cvss 6.5epss 0.01

    The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a…

  • CVE-2016-10910MedAug 21, 2019
    risk 0.40cvss 6.1epss 0.01

    The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.

  • CVE-2012-6715MedAug 21, 2019
    risk 0.40cvss 6.1epss 0.01

    The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.