Crm Perks Forms
Approved changes feed: RSS · Atom
cpe:2.3:a:crmperks:crm_perks_forms:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Crmperks (975241d0-4916-584a-bd9d-200ff8bf9f85) |
|---|---|
| Product | Crm Perks Forms (8e3571fb-be61-51e9-9629-f19311a4153b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-7484 |
vulnerable | 2026-06-03 14:58:05.990338 |
CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
HIGH (7.2)
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2024-08-06T01:49:56.901Z
Updated: 2026-04-08T16:32:45.187Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37463 |
vulnerable | 2026-06-03 14:56:06.719720 |
WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.
Published: 2024-11-01T14:18:19.316Z
Updated: 2026-04-28T16:09:59.307Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30499 |
vulnerable | 2026-06-03 14:55:38.468667 |
WordPress CRM Perks Forms plugin <= 1.1.4 - SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.
Published: 2024-03-29T14:01:36.578Z
Updated: 2026-04-28T16:09:25.035Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30498 |
vulnerable | 2026-06-03 14:55:38.468247 |
WordPress CRM Perks Forms plugin <= 1.1.4 - Unauthenticated SQL Injection vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.
Published: 2024-03-29T14:00:33.151Z
Updated: 2026-04-28T16:09:25.103Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-30446 |
vulnerable | 2026-06-03 14:55:38.341245 |
WordPress CRM Perks Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4.
Published: 2024-03-29T16:54:02.369Z
Updated: 2026-04-28T16:09:24.010Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51536 |
vulnerable | 2026-06-03 14:53:37.983016 |
WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2.
Published: 2024-02-01T10:25:53.730Z
Updated: 2026-04-28T16:09:04.058Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2836 |
vulnerable | 2026-06-03 14:51:44.115791 |
CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
MEDIUM (4.4)
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2023-05-31T03:36:11.324Z
Updated: 2026-04-08T17:28:14.146Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38467 |
vulnerable | 2026-06-03 14:47:49.802977 |
WordPress CRM Perks Forms Plugin <= 1.1.0 is vulnerable to Reflected Cross Site Scripting (XSS) vulnerability
MEDIUM (6.1)
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.
Published: 2023-01-14T10:14:12.393Z
Updated: 2026-04-28T16:07:47.207Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.