Lucene search
K

6 matches found

CVE
CVE
added 2024/02/21 6:47 a.m.84 views

CVE-2024-25905

CVE-2024-25905 is a CSRF vulnerability in Mondula GmbH Multi Step Form for WordPress, affecting versions 1.7.18 and earlier. The attached documents identify the flaw as Cross-Site Request Forgery (CSRF) in Multi Step Form, with Patchstack noting the fix in 1.7.19. Public references indicate the i...

5.4CVSS6.7AI score0.00186EPSS
CVE
CVE
added 2023/01/09 10:13 p.m.69 views

CVE-2022-4196

The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....

4.8CVSS4.7AI score0.0047EPSS
CVE
CVE
added 2024/10/29 9:10 p.m.57 views

CVE-2024-50428

CVE-2024-50428 describes a Missing Authorization vulnerability in the Mondula GmbH Multi Step Form WordPress plugin (versions

9.8CVSS5.9AI score0.00322EPSS
CVE
CVE
added 2025/01/16 9:39 a.m.54 views

CVE-2024-12427

CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...

5.3CVSS5.1AI score0.00385EPSS
CVE
CVE
added 2018/12/20 10:0 p.m.51 views

CVE-2018-14846

CVE-2018-14846 affects WordPress users of the Mondula Multi Step Form Plugin (pre-1.2.8). The vulnerability is a stored XSS via wp-admin/admin-ajax.php, as described in multiple sources (NVD, CNVD, CVE listings). The issue stems from improper input handling in the plugin’s AJAX endpoint, enabling...

5.4CVSS5.4AI score0.01097EPSS
Web
CVE
CVE
added 2023/11/22 6:9 p.m.44 views

CVE-2023-47758

The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and

8.8CVSS7.1AI score0.00264EPSS