CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47779 – WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-47779
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en CRM Perks. Integración para Constant Contact y Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta la integración para Constant Contact y Contact Form 7, WPForms, Elementor, Ninja Forms: desde n/a hasta 1.1.4. • https://patchstack.com/database/vulnerability/cf7-constant-contact/wordpress-integration-for-contact-form-7-and-constant-contact-plugin-1-1-4-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38481 – WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-38481
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. Este problema afecta a Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: desde n /a antes de 1.3.7. The Integration for WooCommerce and Zoho CRM plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 1.3.6. This is due to insufficient validation on the redirect url supplied via the setup_plugin parameter. • https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38478 – WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-38478
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ("Open Redirect") en CRM Perks Integration for WooCommerce and QuickBooks. Este problema afecta a Integration for WooCommerce and QuickBooks: desde n/a hasta 1.2.3. The Integration for WooCommerce and QuickBooks plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 1.2.3. This is due to insufficient validation on the redirect url supplied by the user in the setup_plugin function. • https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37982 – WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-37982
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. Vulnerabilidad de redirección de URL a sitio no confiable ("Open Redirect") en CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta a Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: desde n /a hasta 1.3.3. The Integration for Contact Form 7 and Salesforce plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 1.3.3. This is due to insufficient validation on a user-supplied parameter. • https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2836 – CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-2836
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. El plugin CRM Perks Forms para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de la configuración de formularios en versiones hasta la v1.1.1 inclusive debido a la insuficiente sanitización de entrada y escape de salida. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://github.com/Don-H50/wp-vul/blob/main/CPF-xss-exploit.md https://plugins.trac.wordpress.org/changeset/2917582 https://www.wordfence.com/threat-intel/vulnerabilities/id/de11636b-a051-4e76-bc26-ed76f66fe0df?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •