🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

CRM Perks Forms – WordPress Form Builder

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > CRM Perks Forms – WordPress Form Builder

Information

Software Type	Plugin
Software Slug	crm-perks-forms (view on wordpress.org)
Software Status	Active
Software Author	crmperks
Software Website	www.crmperks.com
Software Downloads	28,783
Software Active Installs	2,000
Software Record Last Updated	May 14, 2024

6 Vulnerabilities

CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-51536

Dec 27, 2023

Researcher: Ngô Thiên An (ancorn_)

CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-2836

May 30, 2023

Researcher: Dongzhu Li

CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-38467

Sep 30, 2022

Researcher: Tien Nguyen Ahn

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-30446

Mar 28, 2024

Researcher: LVT-tholv2k

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30499

Mar 28, 2024

Researcher: LVT-tholv2k

CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection

10.0

CVE-2024-30498

Mar 28, 2024

Researcher: LVT-tholv2k

Title	Status	CVE ID	CVSS	Researchers	Date
CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	Patched	CVE-2023-51536	4.4	Ngô Thiên An (ancorn_)	December 27, 2023
CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting	Patched	CVE-2023-2836	4.4	Dongzhu Li	May 30, 2023
CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting	Patched	CVE-2022-38467	6.1	Tien Nguyen Ahn	September 30, 2022
CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-30446	6.4	LVT-tholv2k	March 28, 2024
CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection	Patched	CVE-2024-30499	9.9	LVT-tholv2k	March 28, 2024
CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection	Patched	CVE-2024-30498	10.0	LVT-tholv2k	March 28, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation