CVE-2021-24513 – Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24513

The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed El plugin de WordPress Form Builder | Create Responsive Contact Forms versiones anteriores a 1.9.8.4, no sanea o escapa de su Form Title, permitiendo que usuarios con privilegios elevados, como el administrador, establezcan cargas útiles de tipo Cross-Site Scripting en ellos, incluso cuando la capacidad unfiltered_html está desautorizada • https://wpscan.com/vulnerability/a1dc0ea9-51dd-43c3-bfd9-c5106193aeb6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •