Vulnerabilities > Crmperks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-31 | CVE-2023-2836 | Cross-site Scripting vulnerability in Crmperks CRM Perks Forms 1.1.1 The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-05-28 | CVE-2023-33311 | Unspecified vulnerability in Crmperks Contact Form Entries - Contact Form 7 Wpforms and More Auth. | 5.4 |
| 2023-05-26 | CVE-2023-25976 | Unspecified vulnerability in Crmperks Integration for Contact Form 7 and Zoho Crm, Bigin 1.2.2 Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. | 8.8 |
| 2023-01-14 | CVE-2022-38467 | Unspecified vulnerability in Crmperks CRM Perks Forms Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | 6.1 |
| 2022-01-24 | CVE-2021-25079 | Unspecified vulnerability in Crmperks Contact Form Entries The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page | 6.1 |
| 2022-01-24 | CVE-2021-25080 | Unspecified vulnerability in Crmperks Contact Form Entries The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry | 6.1 |