Cforms & CformsII < 14.13.3 – Multiple XSS | CVE 2017-18559

Affects Plugins

cforms2

Fixed in 14.13.3

cforms

No known fix

References

CVE

CVE-2017-18559

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

ac341690-0af8-4168-898c-03ea01d05b0d

Timeline

Publicly Published

2017-04-28 (about 9 years ago)

Added

2019-08-24 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-01-16

Title

Preloader Quotes <= 1.0.0 - Reflected Cross-Site Scripting

Published

2024-08-16

Title

Clever Addons for Elementor < 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2025-09-05

Title

StoryMap <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2009-09-27

Title

WP Cumulus < 1.22 - XSS

Published

2026-03-20

Title

Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta