Mondula Multi Step Form — known CVE vulnerabilities
Every CVE whose affected-product data names Mondula Multi Step Form, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-14430 — CVSS 6.1 (medium): The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3]…
CVE-2023-50832 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mondula GmbH Multi Step Form allows…
CVE-2023-47758 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <= 1.7.11 versions.
CVE-2018-14846 — CVSS 5.4 (medium): The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.
CVE-2024-25905 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
CVE-2024-12427 — CVSS 5.3 (medium): The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the…
CVE-2022-4196 — CVSS 4.8 (medium): The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege…
CVE-2024-50428 — CVSS 4.3 (medium): Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control…