6 matches found
CVE-2024-25905
CVE-2024-25905 is a CSRF vulnerability in Mondula GmbH Multi Step Form for WordPress, affecting versions 1.7.18 and earlier. The attached documents identify the flaw as Cross-Site Request Forgery (CSRF) in Multi Step Form, with Patchstack noting the fix in 1.7.19. Public references indicate the i...
CVE-2022-4196
The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....
CVE-2024-50428
CVE-2024-50428 describes a Missing Authorization vulnerability in the Mondula GmbH Multi Step Form WordPress plugin (versions
CVE-2024-12427
CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...
CVE-2018-14846
CVE-2018-14846 affects WordPress users of the Mondula Multi Step Form Plugin (pre-1.2.8). The vulnerability is a stored XSS via wp-admin/admin-ajax.php, as described in multiple sources (NVD, CNVD, CVE listings). The issue stems from improper input handling in the plugin’s AJAX endpoint, enabling...
CVE-2023-47758
The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and