Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)

vendor:

Contact Forms Builder

by:

Milad karimi

4.3

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Contact Forms Builder

Affected Version From: 1.6.2001

Affected Version To: 1.6.2001

Patch Exists: YES

Related CWE:

CPE: 2.3:a:wordpress:contact_forms_builder:1.6.1

Metasploit:

Other Scripts:

Platforms Tested: Windows 11

2022

WordPress Plugin Contact Form Builder 1.6.1 – Cross-Site Scripting (XSS)

This plugin creates a Contact Form Builder from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

Mitigation:

Upgrade to version 1.6.2 or later.

Source

WordPress Plugin Contact Form Builder 1.6.1 – Cross-Site Scripting (XSS)

Mitigation:

Exploit-DB raw data: