CVE-2021-24608

CVE-2021-24608: Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress

Weakness CWE-79 · XSS

Published October 25, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

October 25, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24608 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-24407 Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS) CVE-2025-7496 WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CVE-2023-39918 WordPress Booking Package Plugin <= 1.6.01 is vulnerable to Cross Site Scripting (XSS) CVE-2024-11052 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations CVE-2024-10894 Payment Forms for Paystack <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting