Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in FormFlow: WhatsApp & Social Form Builder for Leads 2.12.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: July 9, 2024

The WhatsApp & Social Form Builder for Leads plugin for WordPress is at risk of a security issue called Stored Cross-Site Scripting. This happens when the plugin does not properly clean up and protect the information that is entered into the settings by the website administrator. This vulnerability can allow hackers with high-level permissions to inject harmful code into certain pages, causing it to execute when a user visits that page. This issue only affects websites with multiple installations or those that have disabled certain security measures.

Detected in:

FormDeck – WP Form Builder with WhatsApp Integration, Contact Forms, Multi Step Columns based Forms, Floating Forms & Lead Generation fixed vulnerable versions:
FormDeck: Simple Form Builder with WhatsApp Floating Forms fixed vulnerable versions:
FormFlow – WhatsApp Social and WP Form Builder with Lead Management fixed vulnerable versions:
FormFlow- WhatsApp Social and WP Form Builder with Easy Lead Management fixed vulnerable versions:
FormFlow: WhatsApp & Social Form Builder for Leads fixed vulnerable versions: >= * <= 2.12.1
FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection fixed vulnerable versions:
Simple Form – Easy and Instant Contact Forms, Multi Step Forms, Conditional Logic & Form Analytics fixed vulnerable versions:
Simple Form – Quick Form Builder for Contact Forms, Multi Step Columns based Forms fixed vulnerable versions:
Simple Form – Quick FormDeck for Contact Forms, Multi Step Columns based Forms fixed vulnerable versions:
Simple Form – Ultimate Form Builder with Quiz, Poll, Multi Step Forms, Conditional Logic, Form Analytics & Advanced Integrations fixed vulnerable versions:
Simple Forms — Drag and Drop Form Builder with Quizzes, Polls & Integrations fixed vulnerable versions:
SimpleForm – WP Form Builder with Contact Forms, Multi Step Columns based Forms & Lead Generation fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.