cleantalk
Vulnerabilities and Security Researches

WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin, 106a82d219f1a97c15664d44b707383c65d1b2e8

CVE, Research URL

106a82d219f1a97c15664d44b707383c65d1b2e8

Home page URL

Security reports for WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Application

WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Published on
Aug 25, 2021
Research Description
WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms &#8211; CRM, Bigin [cf7-zoho] < 1.1.8 Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.1.7 - Cross-Site Scripting The Integration for Contact Form 7 and Zoho CRM, Bigin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.1.8.
Status
vulnerable
Previous vulnerability researches
WordPress Connect (feaf7c04-4991-4c34-bfbf-d849a9e38599) , Jun 16, 2026
WordPress Connect (5b2d1beeae1454c4c4f60eac4f084fd504540b28) , Jun 16, 2026
WordPress Connect (b326cdbf2040aa8eeb688f951965600d9b290062) , Jun 06, 2024
New vulnerability
Request a Quote (359a61d5705c479c547aeae7536b6ad5e6d3b1c8) , Jun 16, 2026
Request a Quote (6eba2aa8fd71d4ea7dd969e0a5b52e3f1366a2fa) , Jun 16, 2026
Request a Quote (4bc92bf8b452fa0f54703c576853e3a3e56157bd) , Jun 16, 2026
Request a Quote (5e7ad671f8a77a469a90b6a2aae807bbb1bc5199) , Jun 16, 2026
WP Tools Divi Product Carousel (d2857175794c39e5c1d58063dbe17bd1f0436931) , Jun 16, 2026