3 matches found
CVE-2023-5134
CVE-2023-5134 affects the WordPress plugin “Easy Registration Forms”. The vulnerability stems from insufficient access controls on the shortcodes, specifically the erforms_user_meta shortcode. Versions up to and including 2.1.1 are susceptible. With subscriber-level capabilities or higher, an aut...
CVE-2021-39353
The CVE-2021-39353 entry concerns the WordPress plugin Easy Registration Forms (versions up to 2.1.1). The vulnerability is Cross-Site Request Forgery caused by missing nonce validation in the ajax_add_form function within includes/class-form.php, enabling an attacker to inject arbitrary web scri...
CVE-2020-22275
The CVE describes a CSV injection in the WordPress Easy Registration Forms (ER Forms) plugin v2.0.6, where attacker-supplied entries with malicious CSV commands are not sanitized, enabling code execution when an admin exports CSV data. Affected component: ER Forms plugin for WordPress; root cause: in...