Filtered by vendor Crmperks
Subscribe
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37463 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-07 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5. | |||||
| CVE-2023-2527 | 1 Crmperks | 1 Integration For Contact Form 7 And Zoho Crm\, Bigin | 2024-12-12 | N/A | 4.8 MEDIUM |
| The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
| CVE-2023-33311 | 1 Crmperks | 1 Contact Form Entries - Contact Form 7 Wpforms And More | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions. | |||||
| CVE-2023-25976 | 1 Crmperks | 1 Integration For Contact Form 7 And Zoho Crm\, Bigin | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. | |||||
| CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | |||||
| CVE-2021-25080 | 1 Crmperks | 1 Contact Form Entries | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry | |||||
| CVE-2021-25079 | 1 Crmperks | 1 Contact Form Entries | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page | |||||