Vulnerability Details CVE-2022-0830
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating, updating and deleting forms, and neither sanitises nor escapes its form field values. As a result, attackers could make a logged-in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2022-0830
- cpe:2.3:a:formbuilder_project:formbuilder:0.81
- cpe:2.3:a:formbuilder_project:formbuilder:0.82
- cpe:2.3:a:formbuilder_project:formbuilder:0.84
- cpe:2.3:a:formbuilder_project:formbuilder:0.85
- cpe:2.3:a:formbuilder_project:formbuilder:0.851
- cpe:2.3:a:formbuilder_project:formbuilder:0.852
- cpe:2.3:a:formbuilder_project:formbuilder:0.860
- cpe:2.3:a:formbuilder_project:formbuilder:0.870
- cpe:2.3:a:formbuilder_project:formbuilder:0.880
- cpe:2.3:a:formbuilder_project:formbuilder:0.881
- cpe:2.3:a:formbuilder_project:formbuilder:0.89
- cpe:2.3:a:formbuilder_project:formbuilder:0.891
- cpe:2.3:a:formbuilder_project:formbuilder:0.892
- cpe:2.3:a:formbuilder_project:formbuilder:0.9.1
- cpe:2.3:a:formbuilder_project:formbuilder:0.90
- cpe:2.3:a:formbuilder_project:formbuilder:0.91
- cpe:2.3:a:formbuilder_project:formbuilder:0.92
- cpe:2.3:a:formbuilder_project:formbuilder:0.93
- cpe:2.3:a:formbuilder_project:formbuilder:1.00
- cpe:2.3:a:formbuilder_project:formbuilder:1.03
- cpe:2.3:a:formbuilder_project:formbuilder:1.04
- cpe:2.3:a:formbuilder_project:formbuilder:1.05
- cpe:2.3:a:formbuilder_project:formbuilder:1.06
- cpe:2.3:a:formbuilder_project:formbuilder:1.07
- cpe:2.3:a:formbuilder_project:formbuilder:1.08