Browse all 6 CVE security advisories affecting Tripetto. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tripetto is an open-source form builder tool used for creating and managing online forms and surveys. Historically, it has been vulnerable to classes including stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, primarily through improper input validation and access control flaws. The six recorded CVEs highlight these recurring issues, with some allowing attackers to execute arbitrary code or compromise user accounts. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests potential risks for organizations using the platform without proper hardening or updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-36895 | WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload — Tripetto (WordPress plugin)CWE-79 | 4.7 | Medium | 2022-04-26 |
This page lists every published CVE security advisory associated with Tripetto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.