CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9333 – cformsII < 14.6.10 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9333
The cforms2 plugin before 14.6.10 for WordPress has SQL injection. El plugin cforms2 versiones anteriores a 14.6.10 para WordPress, presenta una inyección SQL. The cforms2 plugin before 14.6.10 for WordPress has SQL injection via several parameters. • https://wordpress.org/plugins/cforms2/#developers https://wpvulndb.com/vulnerabilities/9773 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2014-9473 – cformsII < 14.8 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-9473
Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory. Vulnerabilidad de la subida de ficheros sin restricciones en lib_nonajax.php en el plugin CformsII 14.7 y anteriores para WordPress permite a atacantes remotos ejecutar código arbitrario mediante la subida de un fichero con una extensión ejecutable a través del parámetro cf_uploadfile2[], posteriormente accediendo a ello a través de una solicitud directa al fichero en el directorio de subidas por defecto. • https://www.exploit-db.com/exploits/35879 http://www.securityfocus.com/archive/1/534349/30/0/threaded https://wordpress.org/plugins/cforms2/changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-10377 – cformsII <= 13.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-10377
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. El plugin cforms2 anterior a la versión 13.2 para WordPress tiene XSS en lib_ajax.php. The cforms II(2) plugin before 13.2 for WordPress has XSS in lib_ajax.php. • https://wordpress.org/plugins/cforms2/#developers https://wpvulndb.com/vulnerabilities/9812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-10392 – Cforms <= 10.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-10392
The cforms2 plugin before 10.2 for WordPress has XSS. El plugin cforms2 anterior a 10.2 para WordPress tiene XSS. The Cforms plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 10.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/cforms2/#developers https://wpvulndb.com/vulnerabilities/9621 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-10393 – cformsII <= 10.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-10393
The cforms2 plugin before 10.5 for WordPress has XSS. El plugin cforms2 anterior a 10.5 para WordPress tiene XSS. • https://wordpress.org/plugins/cforms2/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •