Vulnerabilities and security researches forcforms2 cforms2

Jun 10, 2024

CVE, Research URL: CVE-2024-22149
Home page URL: Security reports for cformsII
Application: cformsII
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.
Affected versions: max 15.0.7.
Status: vulnerable

CVE, Research URL: CVE-2014-9473
Home page URL: Security reports for cformsII
Application: cformsII
Date: Jan 08, 2015
Research Description: Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.
Affected versions: max 14.11.
Status: vulnerable

CVE, Research URL: CVE-2017-18570
Home page URL: Security reports for cformsII
Application: cformsII
Date: Aug 22, 2019
Research Description: The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
Affected versions: max 14.13.
Status: vulnerable

CVE, Research URL: CVE-2015-9333
Home page URL: Security reports for cformsII
Application: cformsII
Date: Aug 22, 2019
Research Description: The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
Affected versions: max 14.6.10.
Status: vulnerable

CVE, Research URL: CVE-2023-25449
Home page URL: Security reports for cformsII
Application: cformsII
Date: Jun 15, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions.
Affected versions: max 15.0.5.
Status: vulnerable

CVE, Research URL: CVE-2023-52203
Home page URL: Security reports for cformsII
Application: cformsII
Date: Jan 09, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.
Affected versions: max 15.0.7.
Status: vulnerable

CVE, Research URL: CVE-2014-10377
Home page URL: Security reports for cformsII
Application: cformsII
Date: Aug 22, 2019
Research Description: The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.
Affected versions: max 13.2.
Status: vulnerable

CVE, Research URL: CVE-2010-3977
Home page URL: Security reports for cformsII
Application: cformsII
Date: -
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cformsII(cforms 2) WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Affected versions: max 11.5.
Status: vulnerable

CVE, Research URL: CVE-2017-18559
Home page URL: Security reports for cformsII
Application: cformsII
Date: Aug 22, 2019
Research Description: The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.
Affected versions: max 14.13.3.
Status: vulnerable

CVE, Research URL: CVE-2019-15238
Home page URL: Security reports for cformsII
Application: cformsII
Date: Aug 20, 2019
Research Description: The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
Affected versions: max 15.0.2.
Status: vulnerable

Jun 11, 2024

May 28, 2026

CVE, Research URL: CVE-2026-39436
Home page URL: Security reports for cformsII
Application: cformsII
Date: May 26, 2026
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3.
Affected versions: max 15.1.4.
Status: vulnerable