Vulnerabilities > Strategy11 > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2022-3254 | Unspecified vulnerability in Strategy11 AWP Classifieds The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection | 9.8 |
| 2021-10-25 | CVE-2021-24884 | Cross-site Scripting vulnerability in Strategy11 Formidable Form Builder The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. | 9.6 |
| 2019-08-29 | CVE-2019-15780 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Form Builder The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | 9.8 |