VYPR

Form Builder

by Cmsmadesimple

CVEs (8)

  • CVE-2017-6070CriFeb 21, 2017
    risk 0.64cvss 9.8epss 0.02

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

  • CVE-2025-24672HigJan 24, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through <= 1.2.41.

  • CVE-2025-12178MedJan 14, 2026
    risk 0.42cvss 6.4epss 0.00

    The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2017-6072MedFeb 21, 2017
    risk 0.35cvss 5.3epss 0.02

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.

  • CVE-2017-6071MedFeb 21, 2017
    risk 0.35cvss 5.3epss 0.02

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.

  • CVE-2023-23796MedNov 7, 2023
    risk 0.31cvss 4.7epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.

  • CVE-2023-23795Jun 22, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions.

  • CVE-2022-2567Sep 19, 2022
    risk 0.00cvss epss 0.00

    The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…