Lucene search
K
MondulaMulti Step Form

8 matches found

CVE
CVE
added 2024/02/21 6:47 a.m.83 views

CVE-2024-25905

CVE-2024-25905 is a CSRF vulnerability in Mondula GmbH Multi Step Form for WordPress, affecting versions 1.7.18 and earlier. The attached documents identify the flaw as Cross-Site Request Forgery (CSRF) in Multi Step Form, with Patchstack noting the fix in 1.7.19. Public references indicate the i...

5.4CVSS6.7AI score0.00186EPSS
CVE
CVE
added 2023/12/21 5:23 p.m.72 views

CVE-2023-50832

CVE-2023-50832 affects Mondula Multi Step Form (WordPress plugin) with Stored XSS due to improper neutralization during web page generation. Affected versions: Multi Step Form

5.9CVSS6.5AI score0.00402EPSS
CVE
CVE
added 2023/01/09 10:13 p.m.68 views

CVE-2022-4196

The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....

4.8CVSS4.7AI score0.0047EPSS
CVE
CVE
added 2025/01/16 9:39 a.m.54 views

CVE-2024-12427

CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...

5.3CVSS5.1AI score0.00385EPSS
CVE
CVE
added 2024/10/29 9:10 p.m.54 views

CVE-2024-50428

CVE-2024-50428 describes a Missing Authorization vulnerability in the Mondula GmbH Multi Step Form WordPress plugin (versions

9.8CVSS5.9AI score0.00322EPSS
CVE
CVE
added 2018/07/25 11:0 p.m.52 views

CVE-2018-14430

The CVE-2018-14430 vulnerability affects the WordPress Mondula/Multi Step Form plugin and is described as a cross-site scripting (XSS) flaw in version 1.2.5 and earlier. The affected component is the Mondula Multi Step Form plugin for WordPress, with the root cause being XSS in input handling of ...

6.1CVSS6.2AI score0.01255EPSS
Web
CVE
CVE
added 2018/12/20 10:0 p.m.48 views

CVE-2018-14846

CVE-2018-14846 affects WordPress users of the Mondula Multi Step Form Plugin (pre-1.2.8). The vulnerability is a stored XSS via wp-admin/admin-ajax.php, as described in multiple sources (NVD, CNVD, CVE listings). The issue stems from improper input handling in the plugin’s AJAX endpoint, enabling...

5.4CVSS5.4AI score0.01097EPSS
CVE
CVE
added 2023/11/22 6:9 p.m.44 views

CVE-2023-47758

The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and

8.8CVSS7.1AI score0.00264EPSS