CVE-2021-25107: 
WordPress vulnerability analysis and mitigation

The Form Store to DB WordPress plugin (versions before 1.1.1) contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-25107. The vulnerability was discovered and publicly disclosed on January 17, 2022. This security flaw affects the cf7-store-to-db-lite plugin and allows unauthenticated attackers to perform Cross-Site Scripting attacks against administrators (WPScan).

The vulnerability stems from improper input validation where the plugin fails to sanitize and escape parameter keys before outputting them back in the created entry. The vulnerability has been assigned a CVSS score of 8.8 (High), and is classified as CWE-79. The issue is specifically related to the handling of form data in the WordPress admin dashboard at the path /wp-admin/edit.php?post_type=cf7storetodbs (WPScan).

When exploited, this vulnerability allows unauthenticated attackers to inject malicious scripts that execute when administrators view the related entries in the admin dashboard. This could potentially lead to unauthorized actions being performed with administrator privileges (WPScan).

The vulnerability has been fixed in version 1.1.1 of the Form Store to DB WordPress plugin. Users are strongly advised to update to this version or later to protect against potential XSS attacks (WordPress Plugins).