Browse all 3 CVE security advisories affecting Happyforms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Happyforms is a WordPress form builder plugin enabling users to create and manage custom forms for websites. Historically, the plugin has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input sanitization and improper access controls. The plugin has accumulated three CVEs, with one notable incident allowing unauthenticated attackers to execute arbitrary code due to a missing capability check. These vulnerabilities highlight ongoing security challenges in maintaining robust input validation and permission enforcement within WordPress plugins, potentially exposing websites to significant compromise if not promptly patched.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-44063 | WordPress Happyforms plugin <= 1.26.0 - Cross Site Scripting (XSS) vulnerability — HappyformsCWE-79 | 6.5 | Medium | 2024-09-15 |
| CVE-2024-23521 | WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability — HappyformsCWE-862 | 5.3 | Medium | 2024-06-11 |
| CVE-2023-48752 | WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS) — Form builder to get in touch with visitors, grow your email list and collect payments — HappyformsCWE-79 | 7.1 | High | 2023-11-30 |
This page lists every published CVE security advisory associated with Happyforms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.