Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by pieforms
CVE-2022-1569 (GCVE-0-2022-1569)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:10
VLAI?
Title
WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting
Summary
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! |
Affected:
1.4.9.4 , < 1.4.9.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5a2756c1-9abf-4fd6-8ce2-9f840514dfcc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Drag \u0026 Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications \u0026 more!",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.4.9.4",
"status": "affected",
"version": "1.4.9.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hitesh Kumar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Drag \u0026 Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications \u0026 more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:06.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5a2756c1-9abf-4fd6-8ce2-9f840514dfcc"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Forms by Pie Forms \u003c 1.4.9.4 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1569",
"STATE": "PUBLIC",
"TITLE": "WordPress Forms by Pie Forms \u003c 1.4.9.4 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Drag \u0026 Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications \u0026 more!",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.4.9.4",
"version_value": "1.4.9.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hitesh Kumar"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Drag \u0026 Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications \u0026 more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5a2756c1-9abf-4fd6-8ce2-9f840514dfcc",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5a2756c1-9abf-4fd6-8ce2-9f840514dfcc"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1569",
"datePublished": "2022-06-06T08:51:06.000Z",
"dateReserved": "2022-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}