Vulnerabilities and security researches foradvanced-form-integration advanced-form-integration
Direction: ascendingJun 07, 2024
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2024-2387
- CVE, Research URL
- Date
- Mar 20, 2024
- Research Description
- The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 1.82.6.
- Status
-
vulnerable
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # d6851c635532764da1ccfbf213f9eb9da674c698
- CVE, Research URL
- Date
- Feb 28, 2022
- Research Description
- AFI – The Easiest Integration Plugin [advanced-form-integration] < 1.49.0 WordPress "Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration" plugin < 1.49.0 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress "Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration" plugin (versions < 1.49.0).
- Affected versions
-
max 1.49.0.
- Status
-
vulnerable
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2022-47173
- CVE, Research URL
- Date
- Mar 23, 2023
- Research Description
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions.
- Affected versions
-
max 1.69.1.
- Status
-
vulnerable
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2023-50853
- CVE, Research URL
- Date
- Dec 28, 2023
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms.This issue affects Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms: from n/a through 1.75.0.
- Affected versions
-
max 1.76.0.
- Status
-
vulnerable
Aug 20, 2024
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2024-43340
- CVE, Research URL
- Date
- Aug 27, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4.
- Affected versions
-
max 1.89.6.
- Status
-
vulnerable
Nov 14, 2024
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2024-10877
- CVE, Research URL
- Date
- Nov 13, 2024
- Research Description
- The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 1.92.1.
- Status
-
vulnerable
Jan 07, 2025
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2024-56293
- CVE, Research URL
- Date
- Jan 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasirahmed Advanced Form Integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through 1.95.0.
- Affected versions
-
max 1.97.0.
- Status
-
vulnerable
Mar 26, 2025
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2024-13123
- CVE, Research URL
- Date
- Mar 25, 2025
- Research Description
- The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 1.100.0.
- Status
-
vulnerable
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2024-13122
- CVE, Research URL
- Date
- Mar 25, 2025
- Research Description
- The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 1.100.0.
- Status
-
vulnerable
May 06, 2025
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2022-4974
- CVE, Research URL
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 1.49.0.
- Status
-
vulnerable
May 06, 2026
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms # CVE-2026-42659
- CVE, Research URL
- Date
- -
- Research Description
- AFI – The Easiest Integration Plugin [advanced-form-integration] < 1.127.0 CVE-2026-42659
- Affected versions
-
max 1.127.0.
- Status
-
vulnerable