cleantalk
Vulnerabilities and Security Researches

Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms, CVE-2024-13123

CVE, Research URL

CVE-2024-13123

Home page URL

Security reports for Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms

Application

Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms

Published on
Mar 25, 2025
Research Description
The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
max 1.100.0.
Status
vulnerable
Previous vulnerability researches
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms (CVE-2026-42659) , May 06, 2026
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms (CVE-2024-43340) , Aug 20, 2024
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms (CVE-2022-4974) , May 06, 2025
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms (CVE-2024-2387) , Jun 07, 2024
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms (d6851c635532764da1ccfbf213f9eb9da674c698) , Jun 07, 2024
New vulnerability
Royal Elementor Addons and Templates (CVE-2026-4803) , May 06, 2026
Royal Elementor Addons and Templates (CVE-2026-5159) , May 06, 2026
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2026-5063) , May 06, 2026
Loco Translate (CVE-2026-1921) , May 06, 2026
Conditional Fields for Contact Form 7 (CVE-2026-25863) , May 06, 2026