Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Form Store to DB by Unknown
CVE-2021-25107 (GCVE-0-2021-25107)
Vulnerability from nvd – Published: 2022-02-14 09:20 – Updated: 2024-08-03 19:56
VLAI
Title
Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
Summary
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3999a1b9-df85-43… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2657583 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Form Store to DB |
Affected:
1.1.1 , < 1.1.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2657583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Form Store to DB",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoru Oni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T09:20:51.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2657583"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Form Store to DB \u003c 1.1.1 - Unauthenticated Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25107",
"STATE": "PUBLIC",
"TITLE": "Form Store to DB \u003c 1.1.1 - Unauthenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Form Store to DB",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.1",
"version_value": "1.1.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoru Oni"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2657583",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2657583"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25107",
"datePublished": "2022-02-14T09:20:51.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:10.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25107 (GCVE-0-2021-25107)
Vulnerability from cvelistv5 – Published: 2022-02-14 09:20 – Updated: 2024-08-03 19:56
VLAI
Title
Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
Summary
The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3999a1b9-df85-43… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2657583 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Form Store to DB |
Affected:
1.1.1 , < 1.1.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2657583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Form Store to DB",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoru Oni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T09:20:51.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2657583"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Form Store to DB \u003c 1.1.1 - Unauthenticated Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25107",
"STATE": "PUBLIC",
"TITLE": "Form Store to DB \u003c 1.1.1 - Unauthenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Form Store to DB",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.1",
"version_value": "1.1.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoru Oni"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2657583",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2657583"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25107",
"datePublished": "2022-02-14T09:20:51.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:10.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}