formbuilder
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0830 | Med | 0.42 | 6.5 | 0.01 | Apr 4, 2022 | The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a… | ||
| CVE-2016-10910 | Med | 0.40 | 6.1 | 0.01 | Aug 21, 2019 | The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. | ||
| CVE-2012-6715 | Med | 0.40 | 6.1 | 0.01 | Aug 21, 2019 | The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. |
- risk 0.42cvss 6.5epss 0.01
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a…
- risk 0.40cvss 6.1epss 0.01
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.
- risk 0.40cvss 6.1epss 0.01
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.