Skip to main content

Convert Forms

5 CVEs product

Monthly

CVE-2026-48906 CRITICAL Act Now

Arbitrary file deletion in the Novarain/Tassos Framework system plugin (plg_system_nrframework) and the suite of Tassos.gr Joomla extensions that bundle it lets remote unauthenticated attackers delete arbitrary files on affected sites. The CVSS 4.0 vector (PR:N/UI:N) and the 'Authentication Bypass' tag indicate no credentials or interaction are needed, and the high integrity/availability impact reflects that deleting core files such as Joomla's configuration.php can lead to denial of service or site takeover. There is no public exploit identified at time of analysis, and EPSS is low (0.07%, 21st percentile) with no CISA KEV listing, indicating no observed exploitation despite the critical 9.3 base score.

Authentication Bypass Novarain Tassos Framework Plg System Nrframework Convert Forms Engagebox Google Structured Data +5
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-22212 LOW Monitor

A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Convert Forms Joomla
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2024-40745 MEDIUM This Month

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Convert Forms
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-40744 CRITICAL Act Now

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Convert Forms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2018-10063 HIGH POC This Week

The Convert Forms extension before 2.0.4 for Joomla!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Convert Forms
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
9.6%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Arbitrary file deletion in the Novarain/Tassos Framework system plugin (plg_system_nrframework) and the suite of Tassos.gr Joomla extensions that bundle it lets remote unauthenticated attackers delete arbitrary files on affected sites. The CVSS 4.0 vector (PR:N/UI:N) and the 'Authentication Bypass' tag indicate no credentials or interaction are needed, and the high integrity/availability impact reflects that deleting core files such as Joomla's configuration.php can lead to denial of service or site takeover. There is no public exploit identified at time of analysis, and EPSS is low (0.07%, 21st percentile) with no CISA KEV listing, indicating no observed exploitation despite the critical 9.3 base score.

Authentication Bypass Novarain Tassos Framework Plg System Nrframework Convert Forms +7
NVD
EPSS 0% CVSS 2.7
LOW Monitor

A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Convert Forms Joomla
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Convert Forms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Convert Forms
NVD
EPSS 10% CVSS 7.8
HIGH POC This Week

The Convert Forms extension before 2.0.4 for Joomla!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Convert Forms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy