CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18497 – WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms <= 3.2.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18497
21 Aug 2017 — The liveforms plugin before 3.4.0 for WordPress has XSS. El complemento liveforms anterior a 3.4.0 para WordPress tiene XSS The liveforms plugin before 3.4.0 for WordPress has XSS via several parameters. • https://wordpress.org/plugins/liveforms/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9301 – WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms < 3.2.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9301
11 Mar 2015 — The liveforms plugin before 3.2.0 for WordPress has SQL injection. El complemento liveforms anterior a 3.2.0 para WordPress tiene inyección SQL. The WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin for WordPress is vulnerable to generic SQL Injection via the 'status', 'query_status' and 'form_id' parameters in versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i... • https://wordpress.org/plugins/liveforms/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •