Lucene search

K

6 matches found

CVE
CVE
added 2024/02/21 7:15 a.m.70 views

CVE-2024-25905

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.

5.4CVSS5.8AI score0.00048EPSS
CVE
CVE
added 2023/01/09 11:15 p.m.59 views

CVE-2022-4196

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.7AI score0.00098EPSS
CVE
CVE
added 2025/01/16 10:15 a.m.41 views

CVE-2024-12427

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...

5.3CVSS5.1AI score0.00148EPSS
CVE
CVE
added 2024/10/29 10:15 p.m.40 views

CVE-2024-50428

Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21.

9.8CVSS5AI score0.00188EPSS
CVE
CVE
added 2018/12/20 11:29 p.m.33 views

CVE-2018-14846

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.

5.4CVSS5.4AI score0.00231EPSS
CVE
CVE
added 2023/11/22 6:15 p.m.31 views

CVE-2023-47758

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin

8.8CVSS7.1AI score0.00053EPSS