Log out
Get PRO

Latest

Input validation vulnerability in Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms 1.25.9

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 27, 2023

The Happyforms plugin for WordPress is vulnerable to a type of cyber attack called Reflected Cross-Site Scripting. This means that if an unauthenticated attacker can get someone to click on a link, they can inject malicious code into the page. All versions of the plugin up to and including version 1.25.9 are vulnerable to this type of attack because the plugin does not properly check the input or prevent malicious scripts from running.

Detected in:

Form builder to get in touch with visitors and grow your email list — Happyforms fixed vulnerable versions:
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms fixed vulnerable versions: >= * <= 1.25.9
Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.