Skip to main content

Crm Perks Forms

8 CVEs product

Monthly

CVE-2026-57421 HIGH This Week

Reflected cross-site scripting in the CRM Perks Forms WordPress plugin (all versions up to and including 1.1.7) lets an unauthenticated attacker inject script that executes in a victim's browser when they open a crafted link. Patchstack catalogued the issue at CVSS 3.1 7.1, and the scope-changed vector reflects that injected script runs in the WordPress site's origin rather than a sandbox. No public exploit or active exploitation has been identified at time of analysis, so risk is driven by the low attack complexity and required user interaction rather than mass exploitation.

XSS Crm Perks Forms
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-37463 CRITICAL Act Now

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Crm Perks Forms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7484 HIGH PATCH This Week

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Crm Perks Forms
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-30446 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.1.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crm Perks Forms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30499 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.1.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Crm Perks Forms
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30498 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

SQLi Crm Perks Forms
NVD
CVSS 3.1
9.3
EPSS
16.9%
CVE-2023-51536 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms - WordPress Form Builder allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Crm Perks Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-2836 MEDIUM POC PATCH This Month

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Crm Perks Forms
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the CRM Perks Forms WordPress plugin (all versions up to and including 1.1.7) lets an unauthenticated attacker inject script that executes in a victim's browser when they open a crafted link. Patchstack catalogued the issue at CVSS 3.1 7.1, and the scope-changed vector reflects that injected script runs in the WordPress site's origin rather than a sandbox. No public exploit or active exploitation has been identified at time of analysis, so risk is driven by the low attack complexity and required user interaction rather than mass exploitation.

XSS Crm Perks Forms
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Crm Perks Forms
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.1.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crm Perks Forms
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.1.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Crm Perks Forms
NVD
EPSS 17% CVSS 9.3
CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

SQLi Crm Perks Forms
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms - WordPress Form Builder allows Stored XSS.1.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Crm Perks Forms
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Crm Perks Forms
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy