RSS   Vulnerabilities for 'Everest forms'   RSS

2021-12-21
 
CVE-2021-24907

CWE-79
 

 
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

 
2019-07-18
 
CVE-2019-13575

CWE-89
 

 
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php

 

 >>> Vendor: Wpeverest 3 Products
Contact form
Everest forms
User registration


Copyright 2024, cxsecurity.com

 

Back to Top