NotCVE - vendor:"Easy Form"

5 results (0.003 seconds)

CVSS: 6.1EPSS: %CPEs: 1EXPL: 0

CVE-2025-27285 – Easy Form by AYS <= 2.6.9 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2025-27285

21 Feb 2025 — The Easy Form by AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-24672 – WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2025-24672

24 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41. The Form Builder CP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contribu... • https://patchstack.com/database/wordpress/plugin/cp-easy-form-builder/vulnerability/wordpress-form-builder-cp-plugin-1-2-41-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-30535 – WordPress Easy Form Builder plugin <= 3.7.4 - SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-30535

29 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Easy Form Builder de WhiteStudio para WordPress. Este problema afecta a Easy Form Builder: desde n/a hasta 3.7.4. The Easy Form Builder plugin for WordPress is vulnerable to SQL Injection in versions... • https://patchstack.com/database/vulnerability/easy-form-builder/wordpress-easy-form-builder-plugin-3-7-4-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2021-24224 – Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2021-24224

26 Mar 2021 — The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. La acción AJAX EFBP_verify_upload_file del plugin Easy Form Builder WordPress versiones hasta 1.0, disponible para usuarios autenticados, no presenta ninguna seguridad para verificar los archivos cargados, permitiendo a usuarios poco privilegiados c... • https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24168 – Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2021-24168

15 Jan 2021 — The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. El plugin de WordPress Easy Contact Form Pro versiones anteriores a 1.1.1.9 no saneaba apropiadamente los campos de te... • https://wpscan.com/vulnerability/bfaa7d79-904e-45f1-bc42-ddd90a65ce74 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •