CVE-2022-0830

CVE-2022-0830: FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF

Vendor Unknown

Product FormBuilder

Weakness CWE-352 · CSRF

Published April 4, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.

Key dates

02Disclosure timeline

April 4, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0830 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-13924 Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication CVE-2024-49335 WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability CVE-2025-13438 Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification CVE-2023-0831 Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete