Cformsii Security Vulnerabilities and Issues — Cformsii CVE List

Cformsii ProjectCformsii

9 matches found

CVE•added 2019/08/22 7:48 p.m.•50 views

CVE-2014-10393

The CVE-2014-10393 entry describes a cross-site scripting (XSS) vulnerability in the WordPress cforms2 plugin before version 10.5. Affected component: cforms2 WordPress plugin; vulnerability type: XSS. Consequence: allows potentially unintended client-side code execution as documented in multiple...

6.1CVSS6.4AI score0.00913EPSS

CVE•added 2019/08/22 12:13 p.m.•50 views

CVE-2017-18570

CVE-2017-18570 affects the WordPress plugin cforms2 prior to version 14.13. The vulnerability is an SQL injection in the tracking database GUI triggered via Delete Entries or Download Entries, enabling an attacker to manipulate the database. Reported CVSS details show high/severe impact (CVSSv3: ...

9.8CVSS9.9AI score0.01779EPSS

CVE•added 2019/08/22 6:52 p.m.•49 views

CVE-2014-10392

The CVE-2014-10392 entry concerns the WordPress cforms2 plugin, specifically versions before 10.2, which are affected by a cross-site scripting (XSS) vulnerability. The vulnerability is due to an XSS flaw in the plugin’s handling of input, allowing an attacker to inject and execute client-side sc...

6.1CVSS6.4AI score0.00932EPSS

CVE•added 2019/08/22 12:13 p.m.•48 views

CVE-2015-9333

CVE-2015-9333 affects WordPress cforms2 plugin versions prior to 14.6.10, with a SQL injection vulnerability in the plugin’s handling of inputs. Impact per sources includes the ability to execute illegal SQL commands (high severity). Remediation: upgrade to version 14.6.10 or later; no exploitati...

9.8CVSS9.9AI score0.01803EPSS

CVE•added 2019/08/21 6:12 p.m.•43 views

CVE-2017-18559

The CVE-2017-18559 entry concerns the WordPress plugin cforms2. Affected: cforms2 plugin versions prior to 14.13.3. Vulnerability: multiple cross-site scripting (XSS) issues in the plugin. Impact: allows injection of client-side scripts, as described in connected sources. Root cause details are n...

6.1CVSS6.1AI score0.00916EPSS

CVE•added 2019/08/21 6:11 p.m.•42 views

CVE-2014-10377

CVE-2014-10377 affects the WordPress plugin cforms2 (before 13.2). The vulnerability is an XSS in lib_ajax.php within the cforms2 component. The issue allows injection of crafted data leading to potential client-side code execution and partial integrity impact per CVSS 3.1 metrics, with network a...

6.1CVSS6AI score0.00928EPSS

CVE•added 2024/01/08 7:54 p.m.•42 views

CVE-2023-52203

CVE-2023-52203 affects the WordPress plugin cformsII up to version 15.0.5. The issue is a Stored XSS caused by improper neutralization of input during web page generation, potentially enabling script execution in the context of the affected site. Patch guidance from Patchstack indicates the vulne...

5.9CVSS6.5AI score0.00316EPSS

CVE•added 2019/08/20 2:54 p.m.•40 views

CVE-2019-15238

The entry CVE-2019-15238 concerns the WordPress plugin cforms2 (pre-15.0.2). A CSRF weakness is reported related to the IP address field, affecting the plugin before 15.0.2. The affected component is the cforms2 plugin for WordPress; root cause is CSRF in handling the IP address field. The connec...

8.8CVSS8.6AI score0.00745EPSS

CVE•added 2023/06/15 11:58 a.m.•32 views

CVE-2023-25449

CVE-2023-25449 is a CSRF vulnerability in the WordPress plugin cformsII

8.8CVSS6.5AI score0.00273EPSS