8 matches found
CVE-2024-25905
CVE-2024-25905 is a CSRF vulnerability in Mondula GmbH Multi Step Form for WordPress, affecting versions 1.7.18 and earlier. The attached documents identify the flaw as Cross-Site Request Forgery (CSRF) in Multi Step Form, with Patchstack noting the fix in 1.7.19. Public references indicate the i...
CVE-2023-50832
CVE-2023-50832 affects Mondula Multi Step Form (WordPress plugin) with Stored XSS due to improper neutralization during web page generation. Affected versions: Multi Step Form
CVE-2022-4196
The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....
CVE-2024-12427
CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...
CVE-2024-50428
CVE-2024-50428 describes a Missing Authorization vulnerability in the Mondula GmbH Multi Step Form WordPress plugin (versions
CVE-2018-14430
The CVE-2018-14430 vulnerability affects the WordPress Mondula/Multi Step Form plugin and is described as a cross-site scripting (XSS) flaw in version 1.2.5 and earlier. The affected component is the Mondula Multi Step Form plugin for WordPress, with the root cause being XSS in input handling of ...
CVE-2018-14846
CVE-2018-14846 affects WordPress users of the Mondula Multi Step Form Plugin (pre-1.2.8). The vulnerability is a stored XSS via wp-admin/admin-ajax.php, as described in multiple sources (NVD, CNVD, CVE listings). The issue stems from improper input handling in the plugin’s AJAX endpoint, enabling...
CVE-2023-47758
The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and