Vulnerabilities > Incsub
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-18 | CVE-2022-0994 | Unspecified vulnerability in Incsub Hummingbird The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
| 2021-11-23 | CVE-2021-24700 | Unspecified vulnerability in Incsub Forminator The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 4.8 |
| 2020-03-17 | CVE-2018-18576 | Path Traversal vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | 5.3 |
| 2019-10-07 | CVE-2015-9455 | Cross-Site Request Forgery (CSRF) vulnerability in Incsub Buddypress-Activity-Plus The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. | 8.1 |
| 2019-05-29 | CVE-2019-11872 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. | 8.8 |
| 2019-03-04 | CVE-2019-9568 | SQL Injection vulnerability in Incsub Forminator The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | 6.5 |
| 2019-03-04 | CVE-2019-9567 | Cross-site Scripting vulnerability in Incsub Forminator The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | 6.1 |