CVE-2021-36896 – WordPress Pricing Table plugin <= 1.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36896
05 Apr 2022 — Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 • https://patchstack.com/database/vulnerability/pricing-table/wordpress-pricing-table-plugin-1-5-2-authenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18497 – WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms <= 3.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18497
21 Aug 2017 — The liveforms plugin before 3.4.0 for WordPress has XSS. The liveforms plugin before 3.4.0 for WordPress has XSS via several parameters. • https://wordpress.org/plugins/liveforms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-9301 – WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms < 3.2.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9301
11 Mar 2015 — The liveforms plugin before 3.2.0 for WordPress has SQL injection. The WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin for WordPress is vulnerable to generic SQL Injection via the 'status', 'query_status' and 'form_id' parameters in versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i... • https://wordpress.org/plugins/liveforms/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')