Orange-form Project Orange-form — known CVE vulnerabilities
Every CVE whose affected-product data names Orange-form Project Orange-form, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-24704 — CVSS 8.8 (high): In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in "admin/orange-form-email.php" performs an unprepared…
CVE-2021-24688 — CVSS 4.3 (medium): The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the…