VYPR

Cp Easy Form Builder

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-24672HigJan 24, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through <= 1.2.41.

  • CVE-2024-13680MedJan 24, 2025
    risk 0.42cvss 6.5epss 0.00

    The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2026-9278MedJun 15, 2026
    risk 0.35cvss 5.4epss 0.00

    The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site…

  • CVE-2022-2567MedSep 19, 2022
    risk 0.31cvss 4.8epss 0.01

    The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…