Vulnerabilities > Strategy11

DATE CVE VULNERABILITY TITLE RISK
2023-02-28 CVE-2023-24419 Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Formidable Form Builder
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
network
low complexity
strategy11 CWE-352
8.8
2022-10-31 CVE-2022-3254 Unspecified vulnerability in Strategy11 AWP Classifieds
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection
network
low complexity
strategy11
critical
9.8
2021-10-25 CVE-2021-24608 Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
strategy11 CWE-79
4.8
2021-10-25 CVE-2021-24884 Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link.
network
low complexity
strategy11 CWE-79
critical
9.6
2021-05-06 CVE-2021-24178 Unspecified vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.
network
low complexity
strategy11
8.8
2021-05-06 CVE-2021-24179 Unspecified vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files.
network
low complexity
strategy11
8.8
2021-05-06 CVE-2021-24248 Unspecified vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE
network
low complexity
strategy11
7.2
2021-05-06 CVE-2021-24249 Unspecified vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
network
low complexity
strategy11
6.5
2021-05-06 CVE-2021-24250 Unspecified vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
network
low complexity
strategy11
5.4
2021-05-06 CVE-2021-24251 Unspecified vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example)
network
low complexity
strategy11
4.3