The Form Builder plugin for WordPress is vulnerable to a security threat called CSV Injection. This threat affects version 1.9.9.0 and earlier of the plugin. It allows unauthenticated attackers to embed malicious code into exported CSV files. If these files are opened on a system with a vulnerable configuration, the malicious code will be executed.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
