Vulnerabilities > Strategy11 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-31350 | Missing Authorization vulnerability in Strategy11 AWP Classifieds Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1. | 8.8 |
| 2024-01-16 | CVE-2023-1405 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Forms The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. | 7.5 |
| 2023-10-06 | CVE-2023-41801 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 AWP Classifieds Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. | 8.8 |
| 2023-06-27 | CVE-2023-2877 | Unspecified vulnerability in Strategy11 Formidable Forms The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. | 8.8 |
| 2023-02-28 | CVE-2023-24419 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Formidable Form Builder Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | 8.8 |
| 2021-05-06 | CVE-2021-24178 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. | 8.8 |
| 2021-05-06 | CVE-2021-24179 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. | 8.8 |
| 2021-05-06 | CVE-2021-24248 | Unrestricted Upload of File with Dangerous Type vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE | 7.2 |
| 2019-08-29 | CVE-2019-15780 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Form Builder The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | 7.5 |