WordPress Plugin Vulnerabilities

ARForms Form Builder < 1.5.7 - Unauthenticated Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
arforms-form-builder
Fixed in 1.5.7

References

CVE
CVE-2022-45838

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
b625908c-4a24-4235-8b2b-abb528a6d2de

Timeline

Publicly Published
2022-11-23 (about 3 years ago)
Added
2023-04-18 (about 3 years ago)
Last Updated
2023-10-12 (about 2 years ago)

Other

Published
Title
Published
2021-10-11
Title
3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting
Published
2024-03-25
Title
Element Pack Elementor Addons < 5.5.4 - Contributor+ Stored XSS
Published
2025-06-19
Title
Spark Multipurpose <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-01-12
Title
Schema & Structured Data for WP & AMP < 1.26 - Contributor+ Stored Cross-Site Scripting
Published
2025-01-16
Title
WH Cache & Security <= 1.1.2 - Reflected Cross-Site Scripting