ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Formidable Forms plugin <=2.05.02 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Product
Formidable Forms
Description
Multiple Cross-Site Scripting (XSS) vulnerabilities found by Jouko Pynnönen in WordPress Formidable Forms plugin (versions <=2.05.02). Reflected Cross-Site Scripting vulnerability in form preview and Stored Cross-Site Scripting vulnerability in form entries.
Solution
Update the WordPress Formidable Forms plugin to the latest available version (at least version 2.05.03).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=2.05.02
Fixed In 2.05.03
Disclosure date
2017-11-20
Credits
Jouko Pynnönen
Submitter
ThreatPress