CVE-2021-25107

medium

Description

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin

References

https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d

https://plugins.trac.wordpress.org/changeset/2657583

Details

Source: Mitre, NVD

Published: 2022-02-14

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N