Cforms2
by WordPress
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22149 | Hig | 0.46 | 7.1 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5. | ||
| CVE-2014-10393 | 0.00 | — | 0.01 | Aug 22, 2019 | The cforms2 plugin before 10.5 for WordPress has XSS. | |||
| CVE-2014-10392 | 0.00 | — | 0.01 | Aug 22, 2019 | The cforms2 plugin before 10.2 for WordPress has XSS. | |||
| CVE-2015-9333 | 0.00 | — | 0.02 | Aug 22, 2019 | The cforms2 plugin before 14.6.10 for WordPress has SQL injection. | |||
| CVE-2017-18570 | 0.00 | — | 0.02 | Aug 22, 2019 | The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries. | |||
| CVE-2017-18559 | 0.00 | — | 0.01 | Aug 21, 2019 | The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. | |||
| CVE-2014-10377 | 0.00 | — | 0.01 | Aug 21, 2019 | The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | |||
| CVE-2019-15238 | 0.00 | — | 0.01 | Aug 20, 2019 | The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. |
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.
- CVE-2014-10393Aug 22, 2019risk 0.00cvss —epss 0.01
The cforms2 plugin before 10.5 for WordPress has XSS.
- CVE-2014-10392Aug 22, 2019risk 0.00cvss —epss 0.01
The cforms2 plugin before 10.2 for WordPress has XSS.
- CVE-2015-9333Aug 22, 2019risk 0.00cvss —epss 0.02
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
- CVE-2017-18570Aug 22, 2019risk 0.00cvss —epss 0.02
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
- CVE-2017-18559Aug 21, 2019risk 0.00cvss —epss 0.01
The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.
- CVE-2014-10377Aug 21, 2019risk 0.00cvss —epss 0.01
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.
- CVE-2019-15238Aug 20, 2019risk 0.00cvss —epss 0.01
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.