cformsII

Information

Software Type Plugin
Software Slug cforms2 (view on wordpress.org)
Software Status Active
Software Author bgermann
Software Website wordpress.org
Software Downloads 242,755
Software Active Installs 6,000
Software Record Last Updated June 22, 2024

11 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
cformsII < 14.6.10 - SQL Injection Patched CVE-2015-9333 9.8 April 11, 2015
cformsII < 14.8 - Arbitrary File Upload Patched CVE-2014-9473 9.8 Zakhar Fedotkin December 29, 2014
CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery Patched CVE-2019-15238 8.8 Jerome Bruandet August 12, 2019
CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting Unpatched CVE-2024-22149 7.2 emad January 15, 2024
cformsII <= 14.12.3 - Authenticated SQL Injection Patched CVE-2017-18570 7.2 April 24, 2017
cformsII <= 14.13.2 - Cross-Site Scripting Patched CVE-2017-18559 6.1 April 28, 2017
cformsII <= 13.1 - Cross-Site Scripting Patched CVE-2014-10377 6.1 October 16, 2014
CformsII <=11.5 - Cross-Site Scripting Patched CVE-2010-3977 6.1 November 2, 2010
CformsII <= 14.10.1 - CAPTCHA Bypass Patched 5.3 TheLightCosine December 15, 2010
CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Unpatched CVE-2023-52203 4.4 emad January 3, 2024
cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates Patched CVE-2023-25449 4.3 Rio Darmawan March 8, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation