First published: Mon Nov 20 2023(Updated: )
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
|Affected Software||Affected Version||How to fix|
The severity of CVE-2023-5119 is medium with a severity value of 4.8.
The affected software of CVE-2023-5119 is Forminator and Forminator Pro version up to 1.27.0.
CVE-2023-5119 allows high-privilege users, such as an administrator, to inject arbitrary web scripts.
The unfiltered_html capability is required for the exploit of CVE-2023-5119.
Yes, updating to Forminator and Forminator Pro version 1.27.0 or above fixes CVE-2023-5119.