The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting them back in the created entry, allowing an unauthenticated attacker to perform Cross-Site Scripting attacks against an admin.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2657583 | Patch, Third Party Advisory |
| https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-14T09:20:51
Updated: 2022-02-14T09:20:51
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25107
NVD Information
Status: Analyzed
Published: 2022-02-14T12:15:15.290
Modified: 2022-02-22T22:26:52.483
Link: CVE-2021-25107
Redhat Information
No data.
CWE