Vulnerabilities > Incsub

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-24700 Cross-site Scripting vulnerability in Incsub Forminator
The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
network
incsub CWE-79
3.5
3.5
2020-03-17 CVE-2018-18576 Path Traversal vulnerability in Incsub Hustle
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.
network
low complexity
incsub CWE-22
5.0
5.0
2019-10-07 CVE-2015-9455 Cross-Site Request Forgery (CSRF) vulnerability in Incsub Buddypress-Activity-Plus
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
network
incsub CWE-352
7.8
7.8
2019-05-29 CVE-2019-11872 Improper Neutralization of Formula Elements in a CSV File vulnerability in Incsub Hustle
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window.
network
low complexity
incsub CWE-1236
8.8
8.8
2019-03-04 CVE-2019-9568 SQL Injection vulnerability in Incsub Forminator
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
network
low complexity
incsub CWE-89
6.5
6.5
2019-03-04 CVE-2019-9567 Cross-site Scripting vulnerability in Incsub Forminator
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
network
low complexity
incsub CWE-79
6.1
6.1