cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foreasy-form-builder easy-form-builder

Direction: ascending
Jun 07, 2024

Easy Form Builder # CVE-2024-30535

CVE, Research URL

CVE-2024-30535

Home page URL

Security reports for Easy Form Builder

Application

Easy Form Builder

Date
Apr 01, 2024
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4.
Affected versions
Min -, max -.
Status
vulnerable

Easy Form Builder # CVE-2022-3906

CVE, Research URL

CVE-2022-3906

Home page URL

Security reports for Easy Form Builder

Application

Easy Form Builder

Date
Dec 12, 2022
Research Description
The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max -.
Status
vulnerable
Jan 08, 2025

Easy Form Builder # CVE-2024-12112

CVE, Research URL

CVE-2024-12112

Home page URL

Security reports for Easy Form Builder

Application

Easy Form Builder

Date
Jan 08, 2025
Research Description
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Aug 14, 2025

Easy Form Builder # CVE-2025-54678

CVE, Research URL

CVE-2025-54678

Home page URL

Security reports for Easy Form Builder

Application

Easy Form Builder

Date
Aug 14, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through 3.8.15.
Affected versions
Min -, max -.
Status
vulnerable