Tripetto

tripetto

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-1530 1Tripetto 1Tripetto Mar 25, 2025 Mar 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to...Show more The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-13497 1Tripetto 1Tripetto Mar 28, 2025 Mar 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due...Show more The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.Show less
CVE-2024-10260 1Tripetto 1Tripetto Apr 8, 2026 Nov 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output escaping. This makes it possi...Show more The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file.Show less
CVE-2021-36895 1Tripetto 1Tripetto Nov 21, 2024 Apr 26, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.