VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Aug 05, 2024

CRM Perks Forms – WordPress Form Builder Vulnerabilities

Review known vulnerability records for the WordPress plugin CRM Perks Forms – WordPress Form Builder (`crm-perks-forms`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-7484, CVE-2024-37463 and CVE-2024-30446, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
3
Patch Coverage
100%
Last Updated
Aug 06, 2024
Priority CVE Quick Links

Fast paths into CRM Perks Forms – WordPress Form Builder CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2024-30498 Critical 1.1.5
CVE-2024-30498 CRM Perks Forms – WordPress Form Builder SQL Injection

CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection

CVE-2024-30499 Critical 1.1.5
CVE-2024-30499 CRM Perks Forms – WordPress Form Builder SQL Injection

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection

CVE-2024-7484 High 1.1.4
CVE-2024-7484 CRM Perks Forms – WordPress Form Builder Remote Code Execution

CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload

CVE-2024-30446 Medium 1.1.5
CVE-2024-30446 CRM Perks Forms – WordPress Form Builder Stored Cross-Site Scripting

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2022-38467 Medium 1.1.1
CVE-2022-38467 CRM Perks Forms – WordPress Form Builder Cross-Site Scripting

CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting

CVE-2024-37463 Medium 1.1.6
CVE-2024-37463 CRM Perks Forms – WordPress Form Builder Vulnerability

CRM Perks Forms <= 1.1.5 - Missing Authorization to Unauthenticated Form Submission

CVE-2023-51536 Medium 1.1.3
CVE-2023-51536 CRM Perks Forms – WordPress Form Builder Stored Cross-Site Scripting

CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE-2023-2836 Medium 1.1.2
CVE-2023-2836 CRM Perks Forms – WordPress Form Builder Stored Cross-Site Scripting

CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for CRM Perks Forms – WordPress Form Builder so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 1 high severity finding.
Recent CVEs
CVE-2024-7484, CVE-2024-37463 and CVE-2024-30446
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for CRM Perks Forms – WordPress Form Builder

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2024-7484
CVE-2024-7484: CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabi...

Published
Aug 05, 2024
Patched Release
1.1.4
Affected Versions
Versions up to 1.1.3
Next Step
Update to 1.1.4 or newer if supported.
Open CVE-2024-7484 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37463
CVE-2024-37463: CRM Perks Forms <= 1.1.5 - Missing Authorization to Unauthenticated Form Submission

The CRM Perks Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_form() function in versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to submit forms that should be r...

Published
Jul 01, 2024
Patched Release
1.1.6
Affected Versions
Versions up to 1.1.5
Next Step
Update to 1.1.6 or newer if supported.
Open CVE-2024-37463 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-30446
CVE-2024-30446: CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...

Published
Mar 28, 2024
Patched Release
1.1.5
Affected Versions
Versions up to 1.1.4
Next Step
Update to 1.1.5 or newer if supported.
Open CVE-2024-30446 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-30498
CVE-2024-30498: CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection

The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated att...

Published
Mar 28, 2024
Patched Release
1.1.5
Affected Versions
Versions up to 1.1.4
Next Step
Update to 1.1.5 or newer if supported.
Open CVE-2024-30498 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-30499
CVE-2024-30499: CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection

The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attac...

Published
Mar 28, 2024
Patched Release
1.1.5
Affected Versions
Versions up to 1.1.4
Next Step
Update to 1.1.5 or newer if supported.
Open CVE-2024-30499 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-51536
CVE-2023-51536: CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

The CRM Perks Forms – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the label field. This makes it possible for...

Published
Dec 27, 2023
Patched Release
1.1.3
Affected Versions
Versions up to 1.1.2
Next Step
Update to 1.1.3 or newer if supported.
Open CVE-2023-51536 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-2836
CVE-2023-2836: CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

Published
May 30, 2023
Patched Release
1.1.2
Affected Versions
Versions up to 1.1.1
Next Step
Update to 1.1.2 or newer if supported.
Open CVE-2023-2836 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-38467
CVE-2022-38467: CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting

The CRM Perks Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping in the ~/templates/sample_file.php file. This makes it possible for unauthenticated attackers...

Published
Sep 30, 2022
Patched Release
1.1.1
Affected Versions
Versions up to 1.1.0
Next Step
Update to 1.1.1 or newer if supported.
Open CVE-2022-38467 Report Open CVE Reference