Review
Form Builder CP
CVE published 2026-06-15
CVE-2026-9278
CVE-2026-9278 is a Stored Cross-Site Scripting (XSS) vulnerability in the Form Builder CP WordPress plugin before version 1.2.47. The plugin does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution. This allows authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against any visitor of a [truncated]