cleantalk
Vulnerabilities and Security Researches

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions , CVE-2022-38971

CVE, Research URL

CVE-2022-38971

Home page URL

Security reports for Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions

Application

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions

Published on
Mar 16, 2023
Research Description
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
Affected versions
Min -, max 2.3.2.
Status
vulnerable
Previous vulnerability researches
BuddyForms Moderation ( Former: Review Logic ) (897b17e2e87fb40e2397863f5bd6a2d899657e77) , Jun 07, 2024
BuddyForms Form Elements for WooCommerce (39d1f22f-ea34-4d94-9dc2-12661cf69d36) , Jun 07, 2024
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
Advanced Custom Fields Frontend Forms &#8211; ACF Forms &#8211; ACF Post Form &#8211; ACF Registration Form &#8211; ACF Content (1d8066394517b6cd0b4aebae83bf3d686d10bc5c) , Jun 06, 2024
BuddyPress &amp; BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
Integration for WooCommerce and QuickBooks (CVE-2025-39600) , Apr 18, 2025
GB Gallery Slideshow (CVE-2025-32649) , Apr 18, 2025
Question Answer (CVE-2025-32646) , Apr 18, 2025
PropertyHive (CVE-2025-39577) , Apr 18, 2025
WP-BusinessDirectory &#8211; Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025