🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

cformsII

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > cformsII

Information

Software Type	Plugin
Software Slug	cforms2 (view on wordpress.org)
Software Status	Active
Software Author	bgermann
Software Website	wordpress.org
Software Downloads	243,199
Software Active Installs	6,000
Software Record Last Updated	July 26, 2024

11 Vulnerabilities

CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting

7.2

CVE-2024-22149

Jan 15, 2024

Researcher: emad

CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-52203

Jan 3, 2024

Researcher: emad

cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates

4.3

CVE-2023-25449

Mar 8, 2023

Researcher: Rio Darmawan

CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery

8.8

CVE-2019-15238

Aug 12, 2019

Researcher: Jerome Bruandet

cformsII <= 14.13.2 - Cross-Site Scripting

6.1

CVE-2017-18559

Apr 28, 2017

Researchers:

cformsII <= 14.12.3 - Authenticated SQL Injection

7.2

CVE-2017-18570

Apr 24, 2017

Researchers:

cformsII < 14.6.10 - SQL Injection

9.8

CVE-2015-9333

Apr 11, 2015

Researchers:

cformsII < 14.8 - Arbitrary File Upload

9.8

CVE-2014-9473

Dec 29, 2014

Researcher: Zakhar Fedotkin

cformsII <= 13.1 - Cross-Site Scripting

6.1

CVE-2014-10377

Oct 16, 2014

Researchers:

CformsII <= 14.10.1 - CAPTCHA Bypass

5.3

CVE ID Unknown

Dec 15, 2010

Researcher: TheLightCosine

CformsII <=11.5 - Cross-Site Scripting

6.1

CVE-2010-3977

Nov 2, 2010

Researchers:

Title	Status	CVE ID	CVSS	Researchers	Date
CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting	Unpatched	CVE-2024-22149	7.2	emad	January 15, 2024
CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	Unpatched	CVE-2023-52203	4.4	emad	January 3, 2024
cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates	Patched	CVE-2023-25449	4.3	Rio Darmawan	March 8, 2023
CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery	Patched	CVE-2019-15238	8.8	Jerome Bruandet	August 12, 2019
cformsII <= 14.13.2 - Cross-Site Scripting	Patched	CVE-2017-18559	6.1		April 28, 2017
cformsII <= 14.12.3 - Authenticated SQL Injection	Patched	CVE-2017-18570	7.2		April 24, 2017
cformsII < 14.6.10 - SQL Injection	Patched	CVE-2015-9333	9.8		April 11, 2015
cformsII < 14.8 - Arbitrary File Upload	Patched	CVE-2014-9473	9.8	Zakhar Fedotkin	December 29, 2014
cformsII <= 13.1 - Cross-Site Scripting	Patched	CVE-2014-10377	6.1		October 16, 2014
CformsII <= 14.10.1 - CAPTCHA Bypass	Patched		5.3	TheLightCosine	December 15, 2010
CformsII <=11.5 - Cross-Site Scripting	Patched	CVE-2010-3977	6.1		November 2, 2010

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation