Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crmperks contact form entries vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-25079
The Contact Form Entries WordPress plugin prior to 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page
Crmperks Contact Form Entries
4.3
CVSSv2
CVE-2021-25080
The Contact Form Entries WordPress plugin prior to 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated malicious users to perform Cross-Site Scripting attacks against logged in admins vi...
Crmperks Contact Form Entries
NA
CVE-2023-33311
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.
Crmperks Contact Form Entries - Contact Form 7 Wpforms And More
NA
CVE-2022-3604
The Contact Form Entries WordPress plugin prior to 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
NA
CVE-2023-31212
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Eleme...
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
NA
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level cap...
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started