Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crmperks contact form entries vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-25080
The Contact Form Entries WordPress plugin prior to 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated malicious users to perform Cross-Site Scripting attacks against logged in admins vi...
Crmperks Contact Form Entries
383
VMScore
CVE-2021-25079
The Contact Form Entries WordPress plugin prior to 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page
Crmperks Contact Form Entries
NA
CVE-2023-33311
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.
Crmperks Contact Form Entries - Contact Form 7 Wpforms And More
NA
CVE-2022-3604
The Contact Form Entries WordPress plugin prior to 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
NA
CVE-2023-31212
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Eleme...
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
NA
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level cap...
Crmperks Database For Contact Form 7\\, Wpforms\\, Elementor Forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started