CVE-2022-2567 – The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of it …

19 September 2022

Vuln ID: CVE-2022-2567

Published: 2022-09-19 14:15:10Z

Description: The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Source: NVD.NIST.GOV

Date:

19 September 2022

Categorie(s):

NVD

Tag(s):

NVD

The MSSP perspective: CISO insights into stronger security19 April 2024
66% of IT leaders doubt the government can defend against cyberwarfare19 April 2024
FBI chief says Chinese hackers have infiltrated critical US infrastructure19 April 2024
Chasing business and partnerships, Apple goes APAC19 April 2024
French hospital impacted by cyberattack19 April 2024