Vulnerabilities > Crmperks > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-1069 | Unrestricted Upload of File with Dangerous Type vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. | 7.2 |
| 2024-01-16 | CVE-2022-3604 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | 7.8 |
| 2023-05-26 | CVE-2023-25976 | Cross-Site Request Forgery (CSRF) vulnerability in Crmperks Integration for Contact Form 7 and Zoho Crm, Bigin Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. | 8.8 |