"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 22
Critical: 0
High: 4
Medium: 18

Showing 21-22 of 22 records

Threat Entry Updated 2024-11-21

CVE-2023-6842 - Custom Form Builder Plugin

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this only affects multi-site installations and installations where unfiltered_html has been disabled.…

PLUGIN Custom Form Builder

CVE-2023-6842

MEDIUM CVSS 4.4 2024-01-09

Threat Entry Updated 2026-04-08

CVE-2021-4417 - Custom Form Builder Plugin

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Custom Form Builder

CVE-2021-4417

MEDIUM CVSS 5.4 2023-07-12