Cformsii_project Cformsii
9 CVEs affecting Cformsii_project Cformsii. Latest disclosed: 2024-01-08. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-18570 | Critical | 9.8 | 2019-08-22 | The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries. |
CVE-2015-9333 | Critical | 9.8 | 2019-08-22 | The cforms2 plugin before 14.6.10 for WordPress has SQL injection. |
CVE-2019-15238 | High | 8.8 | 2019-08-20 | The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. |
CVE-2014-10393 | Medium | 6.1 | 2019-08-22 | The cforms2 plugin before 10.5 for WordPress has XSS. |
CVE-2014-10392 | Medium | 6.1 | 2019-08-22 | The cforms2 plugin before 10.2 for WordPress has XSS. |
CVE-2017-18559 | Medium | 6.1 | 2019-08-21 | The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. |
CVE-2014-10377 | Medium | 6.1 | 2019-08-21 | The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. |
CVE-2023-52203 | Medium | 5.9 | 2024-01-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS… |
CVE-2023-25449 | Medium | 4.3 | 2023-06-15 | Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. |