mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-26 01:07:59 +02:00
0xMarcio
898 B
898 B
CVE-2022-0830
&color=brightgreen)
Description
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.