Crmperks Crm Perks Forms vulnerabilities
8 known vulnerabilities affecting crmperks/crm_perks_forms.
Total CVEs: 8
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2024-30498 | P2 | CRITICAL | CVSS 10.0 | CWE-89 | PoC | fixed in 1.1.5 | 2024-03-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4.
nvd
CVE-2022-38467 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | ≤ 1.1.0 | 2023-01-14
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.
nvd
CVE-2024-30499 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 1.1.5 | 2024-03-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4.
nvd
CVE-2024-37463 | P3 | CRITICAL | CVSS 9.8 | CWE-862 | fixed in 1.1.6 | 2024-11-01
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5.
nvd
CVE-2024-7484 | P3 | HIGH | CVSS 7.2 | CWE-434 | fixed in 1.1.4 | 2024-08-06
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server wh
nvd
CVE-2024-30446 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.1.5 | 2024-03-29
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS. This issue affects CRM Perks Forms: from n/a through 1.1.4.
nvd
CVE-2023-51536 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 1.1.2 | 2024-02-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2.
nvd
CVE-2023-2836 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 1.1.1 | 2023-05-31
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will
nvd