VYPR

Cforms2

by WordPress

CVEs (8)

  • CVE-2024-22149HigMar 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.

  • CVE-2014-10393Aug 22, 2019
    risk 0.00cvss epss 0.01

    The cforms2 plugin before 10.5 for WordPress has XSS.

  • CVE-2014-10392Aug 22, 2019
    risk 0.00cvss epss 0.01

    The cforms2 plugin before 10.2 for WordPress has XSS.

  • CVE-2015-9333Aug 22, 2019
    risk 0.00cvss epss 0.02

    The cforms2 plugin before 14.6.10 for WordPress has SQL injection.

  • CVE-2017-18570Aug 22, 2019
    risk 0.00cvss epss 0.02

    The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.

  • CVE-2017-18559Aug 21, 2019
    risk 0.00cvss epss 0.01

    The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.

  • CVE-2014-10377Aug 21, 2019
    risk 0.00cvss epss 0.01

    The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.

  • CVE-2019-15238Aug 20, 2019
    risk 0.00cvss epss 0.01

    The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.