WordPress Plugin Vulnerabilities

Cforms & CformsII <= 15.0.1 - Unauthenticated HTML Injection & CSRF

Affects Plugins

Plugin icon
cforms2
Fixed in 15.0.2
Plugin icon
cforms
No known fix

References

CVE
CVE-2019-15238
URL
https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-cformsii-plugin/

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No
WPVDB ID
83d7bd24-0155-4fee-957d-61ee89891909

Timeline

Publicly Published
2019-08-12 (about 6 years ago)
Added
2019-08-12 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-01-10
Title
EasyBook < 1.2.2 - Multiple Vulnerabilities
Published
2016-04-17
Title
Kento Post View Counter <= 2.8 - CSRF & multiple XSS
Published
2024-11-12
Title
Twigify <= 1.1.2 - Vulnerable Twig Package
Published
2019-02-13
Title
Online Accessibility <= 2.0.10 - CSRF and lack of Authorisation in AJAX methods
Published
2015-01-11
Title
Our Team Showcase 1.2 - CSRF & XSS