CVE-2024-12443 – CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-12443
16 Dec 2024 — The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected... • https://plugins.trac.wordpress.org/browser/support-x/trunk/support-x.php#L210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7484 – CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7484
05 Aug 2024 — The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/crm-perks-forms/trunk/includes/front-form.php?rev=3003885#L3271 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-3715 – Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-3715
22 Apr 2024 — The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3074165%40contact-form-entries%2Ftrunk&old=3066269%40contact-form-entries%2Ftrunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-2030 – Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
https://notcve.org/view.php?id=CVE-2024-2030
06 Mar 2024 — The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-1069 – Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-1069
30 Jan 2024 — The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51536 – WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51536
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. • https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-47779 – WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-47779
14 Nov 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. • https://patchstack.com/database/vulnerability/cf7-constant-contact/wordpress-integration-for-contact-form-7-and-constant-contact-plugin-1-1-4-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-38478 – WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-38478
20 Jul 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. The Integration for WooCommerce and QuickBooks plugin for Wo... • https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-38481 – WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-38481
20 Jul 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. • https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-37982 – WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-37982
13 Jul 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. • https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •