Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

crmperks — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting crmperks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CRMperks is a WordPress plugin designed to manage customer relationships and integrate CRM systems. Historically, the plugin has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper access controls. With 14 CVEs recorded, CRMperks has faced repeated security incidents, including cases where attackers could execute arbitrary code or steal sensitive data. The plugin's vulnerabilities have primarily affected WordPress sites, allowing unauthorized access or system compromise. Security researchers have consistently identified similar patterns in the codebase, highlighting ongoing security challenges in the plugin's design and implementation.

Top products by crmperks: Database for Contact Form 7, WPforms, Elementor forms CRM Perks Forms – WordPress Form Builder CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode — Database for Contact Form 7, WPforms, Elementor formsCWE-862 4.3 Medium2026-04-01
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' — Database for Contact Form 7, WPforms, Elementor formsCWE-502 9.8 Critical2026-03-05
CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting — WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja FormsCWE-79 7.2 High2026-03-03
CVE-2026-0825 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export — Database for Contact Form 7, WPforms, Elementor formsCWE-862 5.3 Medium2026-01-28
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion — Database for Contact Form 7, WPforms, Elementor formsCWE-502 9.8 Critical2025-08-13
CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function — Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja FormsCWE-502 9.8 Critical2025-07-19
CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function — Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja FormsCWE-502 9.8 Critical2025-07-19
CVE-2025-4659 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.4 - Unauthenticated Full Path Disclosure — Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja FormsCWE-200 5.3 Medium2025-05-30
CVE-2024-12443 CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScoutCWE-79 6.4 Medium2024-12-16
CVE-2024-7484 CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload — CRM Perks Forms – WordPress Form BuilderCWE-434 7.2 High2024-08-06
CVE-2024-3715 Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting — Database for Contact Form 7, WPforms, Elementor formsCWE-79 7.2 High2024-05-02
CVE-2024-2030 Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode — Database for Contact Form 7, WPforms, Elementor formsCWE-79 6.4 Medium2024-03-13
CVE-2024-1069 Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload — Database for Contact Form 7, WPforms, Elementor formsCWE-434 7.2 High2024-01-31
CVE-2023-2836 CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting — CRM Perks Forms – WordPress Form BuilderCWE-79 4.4 Medium2023-05-31

This page lists every published CVE security advisory associated with crmperks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.