Skip to main content

Easy Registration Forms

3 CVEs product

Monthly

CVE-2023-5134 MEDIUM PATCH This Month

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Easy Registration Forms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-39353 HIGH This Week

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP Easy Registration Forms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-22275 HIGH POC This Week

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Registration Forms
NVD
CVSS 3.1
8.8
EPSS
2.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Easy Registration Forms
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress PHP +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Easy Registration Forms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy