CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31434 – WordPress FormLift for Infusionsoft Web Forms <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-31434
28 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.19. The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/wordpress/plugin/formlift/vulnerability/wordpress-formlift-for-infusionsoft-web-forms-7-5-19-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38773 – WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38773
19 Jul 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17. Vulnerabilidad de neutralización incorrecta de elementos especiales usados en comando SQL ('inyección SQL') en Adrian Tobey FormLift para Infusionsoft Web Forms permite la inyección ciega de SQL. Este problema afecta a FormLift para Infusionsoft Web For... • https://patchstack.com/database/vulnerability/formlift/wordpress-formlift-plugin-7-5-17-unauthenticated-blind-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •