Vulnerability Description
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strategy11 | Formidable Form Builder | < 5.0.07 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2609911PatchThird Party Advisory
- https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683cExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2609911PatchThird Party Advisory
- https://wpscan.com/vulnerability/75305ea8-730b-4caf-a3c6-cb94adee683cExploitThird Party Advisory
FAQ
What is CVE-2021-24608?
CVE-2021-24608 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cros...
How severe is CVE-2021-24608?
CVE-2021-24608 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24608?
Check the references section above for vendor advisories and patch information. Affected products include: Strategy11 Formidable Form Builder.