Advancedformintegration

advancedformintegration

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Advanced Form Integration

advanced_form_integration

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13123 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Mar 25, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm...Show more The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13122 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Mar 25, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm...Show more The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-10877 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Nov 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up...Show more The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2024-43340 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4.
CVE-2023-50853 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Dec 28, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.Thi...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0.Show less
CVE-2022-47173 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Mar 23, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.