Vulnerabilities > Mondula > Multi Step Form > 1.7.13

DATE CVE VULNERABILITY TITLE RISK
2025-01-16 CVE-2024-12427 Missing Authorization vulnerability in Mondula Multi Step Form
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23.
network
low complexity
mondula CWE-862
5.3
5.3
2024-10-29 CVE-2024-50428 Missing Authorization vulnerability in Mondula Multi Step Form
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21.
network
low complexity
mondula CWE-862
critical
 9.8
9.8
2024-02-21 CVE-2024-25905 Cross-Site Request Forgery (CSRF) vulnerability in Mondula Multi Step Form
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
network
low complexity
mondula CWE-352
5.4
5.4
2023-12-21 CVE-2023-50832 Unspecified vulnerability in Mondula Multi Step Form
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13.
network
low complexity
mondula
4.8
4.8