Approved changes feed: RSS · Atom

cpe:2.3:a:ibericode:html_forms:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorIbericode (a9e8df76-4693-5b34-b978-58cd1a10c3bb)
ProductHtml Forms (25372586-2800-5677-ae1b-4877909da34d)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-6243 vulnerable 2026-06-08 06:58:18.370259 HTML Forms < 1.3.33 - Admin+ Stored XSS
The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.
Published: 2024-07-22T06:00:06.064Z
Updated: 2024-08-01T21:33:05.323Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-50836 vulnerable 2026-06-08 06:16:16.826772 WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28.
Published: 2023-12-28T10:19:57.333Z
Updated: 2026-04-28T16:08:59.103Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3689 vulnerable 2026-06-08 05:48:21.661540 HTML Forms < 1.3.25 - Admin+ SQLi
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Published: 2022-11-28T13:47:10.138Z
Updated: 2025-04-25T15:02:21.600Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.