← Back

Multi Step Form

multi_step_form

Vendor: Mondula • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-12427
1Mondula
1Multi Step Form
Jun 17, 2026
Jan 16, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it p...Show more
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.Show less
CVE-2024-50428
1Mondula
1Multi Step Form
Jun 17, 2026
Oct 29, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through <= 1.7.21.
CVE-2024-25905
1Mondula
1Multi Step Form
Jun 17, 2026
Feb 21, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
CVE-2023-50832
1Mondula
1Multi Step Form
Jun 17, 2026
Dec 21, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13.
CVE-2023-47758
1Mondula
1Multi Step Form
Jun 17, 2026
Nov 22, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.
CVE-2022-4196
1Mondula
1Multi Step Form
Jun 17, 2026
Jan 9, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2018-14846
1Mondula
1Multi Step Form
Nov 21, 2024
Dec 20, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.
CVE-2018-14430
1Mondula
1Multi Step Form
Nov 21, 2024
Jul 25, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email...Show more
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php.Show less