Vulnerabilities > Incsub
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-23 | CVE-2021-24700 | Cross-site Scripting vulnerability in Incsub Forminator The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 4.8 |
2020-03-17 | CVE-2018-18576 | Path Traversal vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | 5.3 |
2019-10-07 | CVE-2015-9455 | Cross-Site Request Forgery (CSRF) vulnerability in Incsub Buddypress-Activity-Plus The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | 8.1 |
2019-05-29 | CVE-2019-11872 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. | 8.8 |
2019-03-04 | CVE-2019-9568 | SQL Injection vulnerability in Incsub Forminator The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | 6.5 |
2019-03-04 | CVE-2019-9567 | Cross-site Scripting vulnerability in Incsub Forminator The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | 6.1 |