CVE-2024-12427

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...

CVE-2023-47758

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

CVE-2023-50832 WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

CVE-2023-47758 WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

CVE-2023-47758

The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and