CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50428 – WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50428
24 Oct 2024 — Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. La vulnerabilidad de autorización faltante en Mondula GmbH Multi Step Form permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.21. The Multi Step Form plugin for WordPress is vulnerable to unauthorized deletion of ... • https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-21-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25905 – WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-25905
12 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Multi Step Form de Mondula GmbH. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.18. The Multi Step Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.18. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50832 – WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50832
19 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Mondula GmbH Multi Step Form permite XSS almacenado. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.13. The Multi Step Form plugin for WordPress is vulnerable to Stor... • https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-13-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47758 – WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47758
13 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Multi Step Form de Mondula GmbH en versiones <=1.7.11. The Multi Step Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.12. This is due to missing or incorrect nonce validation on the menu() function. This makes it possible for unauthenticated attackers to duplicate, ed... • https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4196 – Multi Step Form < 1.7.8 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4196
17 Dec 2022 — The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). El complemento Multi Step Form de WordPress anterior a 1.7.8 no sanitiza ni escapa algunos de sus campos de formulario, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar cross-s... • https://wpscan.com/vulnerability/dfbc61ef-3fe4-4bab-904a-480b073d4e88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2018-14846 – Multi Step Form <= 1.2.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14846
27 Jul 2018 — The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. El plugin Mondula Multi Step Form en versiones anteriores a la 1.2.8 para WordPress tiene múltiples vulnerabilidades Cross-Site Scripting (XSS) persistente mediante wp-admin/admin-ajax.php. The Mondula Multi Step Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fw_wizard_save’ action in versions up to, and including, 1.2.5 due to insufficient input sanitization an... • https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-14430 – Multi Step Form <= 1.2.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14430
20 Jul 2018 — The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. El plugin Mondula Multi Step Form hasta la versión 1.2.5 para WordPress permite Cross-Site Scripting (XSS) mediante los campos fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4] o email del formulario de contacto, explotable mediante una acc... • https://hackpuntes.com/cve-2018-14430-wordpress-plugin-multi-step-form-125-multiples-xss-reflejados • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •