CVE-2023-5134
- EPSS 0.14%
- Veröffentlicht 23.09.2023 08:15:10
- Zuletzt bearbeitet 21.11.2024 08:41:07
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes ...
CVE-2021-39353
- EPSS 0.09%
- Veröffentlicht 19.11.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 06:19:23
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitra...
CVE-2020-22275
- EPSS 1.05%
- Veröffentlicht 04.11.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:13:13
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs a...