mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
970 B
970 B
CVE-2022-0830
&color=brighgreen)
Description
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.
POC
Reference
- https://wpscan.com/vulnerability/114c0202-39f8-4748-ac0d-013d2d6f02f7
- https://wpscan.com/vulnerability/114c0202-39f8-4748-ac0d-013d2d6f02f7
Github
No PoCs found on GitHub currently.