6 matches found
CVE-2024-10877
AFI – The Easiest Integration Plugin for WordPress is vulnerable to a Reflected Cross‑Site Scripting due to using the functions add_query_arg/remove_query_arg without proper escaping in the URL, affecting all versions up to and including 1.92.0. This enables unauthenticated attackers to inject ar...
CVE-2024-43340
CVE-2024-43340 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Nasirahmed Advanced Form Integration (AFI) WordPress plugin. The entry covers AFI versions from 1.0 through 1.89.4 and indicates a CSRF weakness but does not specify the exact root cause or affected actions beyond t...
CVE-2023-50853
CVE-2023-50853 is an authenticated SQL injection affecting the WordPress plugin Advanced Form Integration (Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms). Affected versions are up to 1.75.0. Root cause: improper neutralization of input elements used in SQL commands. ...
CVE-2024-13123
The AFI WordPress plugin (versions prior to 1.100.0) is affected. Affected component: plugin settings sanitisation/escaping path in AFI before 1.100.0. Root cause: certain settings are not properly sanitised and escaped, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e...
CVE-2024-13122
The CVE-2024-13122 entry describes an issue in the AFI WordPress plugin prior to version 1.100.0 where some settings are not properly sanitised/escaped. This enables stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite con...
CVE-2022-47173
CVE-2022-47173 affects the WordPress plugin “Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration” (