🎁Wordfence just launched its bug bounty program. From today through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁

cformsII

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > cformsII

Information

Software Type	Plugin
Software Slug	cforms2 (view on wordpress.org)
Software Status	Active
Software Author	bgermann
Software Website	wordpress.org
Software Downloads	237,182
Software Active Installs	6,000
Software Record Last Updated	December 4, 2023

9 Vulnerabilities

cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates

4.3

CVE-2023-25449

Mar 8, 2023

Researcher: Rio Darmawan

CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery

8.8

CVE-2019-15238

Aug 12, 2019

Researcher: Jerome Bruandet

cformsII <= 14.13.2 - Cross-Site Scripting

6.1

CVE-2017-18559

Apr 28, 2017

Researchers:

cformsII <= 14.12.3 - Authenticated SQL Injection

7.2

CVE-2017-18570

Apr 24, 2017

Researchers:

cformsII < 14.6.10 - SQL Injection

9.8

CVE-2015-9333

Apr 11, 2015

Researchers:

cformsII < 14.8 - Arbitrary File Upload

9.8

CVE-2014-9473

Dec 29, 2014

Researcher: Zakhar Fedotkin

cformsII <= 13.1 - Cross-Site Scripting

6.1

CVE-2014-10377

Oct 16, 2014

Researchers:

CformsII <= 14.10.1 - CAPTCHA Bypass

5.3

CVE ID Unknown

Dec 15, 2010

Researcher: TheLightCosine

CformsII <=11.5 - Cross-Site Scripting

6.1

CVE-2010-3977

Nov 2, 2010

Researchers:

Title	CVE ID	CVSS	Researchers	Date
cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates	CVE-2023-25449	4.3	Rio Darmawan	March 8, 2023
CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery	CVE-2019-15238	8.8	Jerome Bruandet	August 12, 2019
cformsII <= 14.13.2 - Cross-Site Scripting	CVE-2017-18559	6.1		April 28, 2017
cformsII <= 14.12.3 - Authenticated SQL Injection	CVE-2017-18570	7.2		April 24, 2017
cformsII < 14.6.10 - SQL Injection	CVE-2015-9333	9.8		April 11, 2015
cformsII < 14.8 - Arbitrary File Upload	CVE-2014-9473	9.8	Zakhar Fedotkin	December 29, 2014
cformsII <= 13.1 - Cross-Site Scripting	CVE-2014-10377	6.1		October 16, 2014
CformsII <= 14.10.1 - CAPTCHA Bypass		5.3	TheLightCosine	December 15, 2010
CformsII <=11.5 - Cross-Site Scripting	CVE-2010-3977	6.1		November 2, 2010

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation