Filtered by vendor Easyregistrationforms
Subscribe
Filtered by product Easy Registration Forms
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39353 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2021-11-24 | 6.8 MEDIUM | 8.8 HIGH |
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1. | |||||
CVE-2020-22275 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable. |