Page 2 of 9 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The cforms2 plugin before 14.6.10 for WordPress has SQL injection. El plugin cforms2 versiones anteriores a 14.6.10 para WordPress, presenta una inyección SQL. The cforms2 plugin before 14.6.10 for WordPress has SQL injection via several parameters. • https://wordpress.org/plugins/cforms2/#developers https://wpvulndb.com/vulnerabilities/9773 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. El plugin cforms2 anterior a la versión 13.2 para WordPress tiene XSS en lib_ajax.php. The cforms II(2) plugin before 13.2 for WordPress has XSS in lib_ajax.php. • https://wordpress.org/plugins/cforms2/#developers https://wpvulndb.com/vulnerabilities/9812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The cforms2 plugin before 10.2 for WordPress has XSS. El plugin cforms2 anterior a 10.2 para WordPress tiene XSS. The Cforms plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 10.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/cforms2/#developers https://wpvulndb.com/vulnerabilities/9621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The cforms2 plugin before 10.5 for WordPress has XSS. El plugin cforms2 anterior a 10.5 para WordPress tiene XSS. • https://wordpress.org/plugins/cforms2/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •