Tripetto — Vulnerabilities & Security Advisories (6)

Browse all 6 CVE security advisories affecting Tripetto. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tripetto is an open-source form builder tool used for creating and managing online forms and surveys. Historically, it has been affected by vulnerability classes including stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, primarily through improper input validation and access control flaws. The six recorded CVEs highlight these recurring issues, with some allowing attackers to execute arbitrary code or compromise user accounts. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests potential risks for organizations using the platform without proper hardening or updates.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | CWE-352 | 4.3 | Medium | 2025-03-15 |
| CVE-2024-13497 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | CWE-80 | 7.2 | High | 2025-03-15 |
| CVE-2024-13829 | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | CWE-200 | 5.3 | Medium | 2025-02-05 |
| CVE-2025-22295 | WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | CWE-79 | 7.1 | High | 2025-01-09 |
| CVE-2024-10260 | Tripetto <= 8.0.11 - Unauthenticated Stored Cross-Site Scripting via Form File Upload | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | CWE-79 | 7.2 | High | 2024-11-15 |
| CVE-2021-36895 | WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload | Tripetto (WordPress plugin) | CWE-79 | 4.7 | Medium | 2022-04-26 |

This page lists every published CVE security advisory associated with Tripetto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.