cformsII

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   cformsII

Information

Software Type Plugin
Software Slug cforms2 (view on wordpress.org)
Software Status Active
Software Author bgermann
Software Website wordpress.org
Software Downloads 242,324
Software Active Installs 6,000
Software Record Last Updated May 18, 2024

11 Vulnerabilities

CformsII <=11.5 - Cross-Site Scripting
6.1
CVE-2010-3977
Nov 2, 2010
Researchers:
CformsII <= 14.10.1 - CAPTCHA Bypass
5.3
CVE ID Unknown
Dec 15, 2010
Researcher: TheLightCosine
cformsII <= 13.1 - Cross-Site Scripting
6.1
CVE-2014-10377
Oct 16, 2014
Researchers:
cformsII < 14.8 - Arbitrary File Upload
9.8
CVE-2014-9473
Dec 29, 2014
Researcher: Zakhar Fedotkin
cformsII < 14.6.10 - SQL Injection
9.8
CVE-2015-9333
Apr 11, 2015
Researchers:
cformsII <= 14.12.3 - Authenticated SQL Injection
7.2
CVE-2017-18570
Apr 24, 2017
Researchers:
cformsII <= 14.13.2 - Cross-Site Scripting
6.1
CVE-2017-18559
Apr 28, 2017
Researchers:
CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery
8.8
CVE-2019-15238
Aug 12, 2019
Researcher: Jerome Bruandet
cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates
4.3
CVE-2023-25449
Mar 8, 2023
Researcher: Rio Darmawan
CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-52203
Jan 3, 2024
Researcher: emad
CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting
7.2
CVE-2024-22149
Jan 15, 2024
Researcher: emad
Title Status CVE ID CVSS Researchers Date
CformsII <=11.5 - Cross-Site Scripting Patched CVE-2010-3977 6.1 November 2, 2010
CformsII <= 14.10.1 - CAPTCHA Bypass Patched 5.3 TheLightCosine December 15, 2010
cformsII <= 13.1 - Cross-Site Scripting Patched CVE-2014-10377 6.1 October 16, 2014
cformsII < 14.8 - Arbitrary File Upload Patched CVE-2014-9473 9.8 Zakhar Fedotkin December 29, 2014
cformsII < 14.6.10 - SQL Injection Patched CVE-2015-9333 9.8 April 11, 2015
cformsII <= 14.12.3 - Authenticated SQL Injection Patched CVE-2017-18570 7.2 April 24, 2017
cformsII <= 14.13.2 - Cross-Site Scripting Patched CVE-2017-18559 6.1 April 28, 2017
CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery Patched CVE-2019-15238 8.8 Jerome Bruandet August 12, 2019
cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates Patched CVE-2023-25449 4.3 Rio Darmawan March 8, 2023
CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting Unpatched CVE-2023-52203 4.4 emad January 3, 2024
CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting Unpatched CVE-2024-22149 7.2 emad January 15, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation