Crmperks

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2527 1Crmperks 1Integration For Contact Form 7 And Zoho Crm, Bigin Dec 12, 2024 Jun 19, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high pr...Show more The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as adminShow less
CVE-2023-2836 1Crmperks 1Crm Perks Forms Apr 8, 2026 May 31, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it po...Show more The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2023-33311 1Crmperks 1Contact Form Entries Contact Form 7 Wpforms And More Nov 21, 2024 May 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.
CVE-2023-25976 1Crmperks 1Integration For Contact Form 7 And Zoho Crm, Bigin Nov 21, 2024 May 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions.
CVE-2022-38467 1Crmperks 1Crm Perks Forms Nov 21, 2024 Jan 14, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.
CVE-2021-25080 1Crmperks 1Contact Form Entries Nov 21, 2024 Jan 24, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cros...Show more The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entryShow less
CVE-2021-25079 1Crmperks 1Contact Form Entries Nov 21, 2024 Jan 24, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page

Previous 12