Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

strategy11team — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting strategy11team. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Strategy11team develops WordPress security plugins, primarily focused on access control and user management. Their products have historically been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, accounting for the majority of their 15 CVEs. Notable characteristics include improper input validation and insufficient access controls in their plugin architectures. While no major public security incidents have been widely documented, their consistent vulnerability pattern suggests systemic issues in secure coding practices. The team's plugins remain popular despite these security concerns, indicating a prioritization of functionality over robust security measures in their development lifecycle.

Top products by strategy11team: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Business Directory Plugin – Easy Listing Directories for WordPress AWP Classifieds
CVE IDTitleCVSSSeverityPublished
CVE-2026-5100 AWP Classifieds <= 4.4.5 - Unauthenticated SQL Injection via 'regions' — AWP ClassifiedsCWE-89 7.5 High2026-05-05
CVE-2026-2888 Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-639 5.3 Medium2026-03-13
CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-862 7.5 High2026-03-13
CVE-2026-1656 Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification — Business Directory Plugin – Easy Listing Directories for WordPressCWE-862 5.3 Medium2026-02-18
CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter — Business Directory Plugin – Easy Listing Directories for WordPressCWE-89 7.5 High2026-02-18
CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition — Business Directory Plugin – Easy Listing Directories for WordPressCWE-639 5.3 Medium2025-03-13
CVE-2024-11188 Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-79 6.1 Medium2024-11-23
CVE-2017-20194 Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-200 5.3 Medium2024-10-16
CVE-2017-20192 Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-79 8.3 High2024-10-16
CVE-2024-6725 Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-79 4.9 Medium2024-07-31
CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection — Business Directory Plugin – Easy Listing Directories for WordPressCWE-1236 7.4 High2024-06-18
CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter — Business Directory Plugin – Easy Listing Directories for WordPressCWE-89 9.8 Critical2024-05-22
CVE-2024-0660 Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-352 6.1 Medium2024-02-05
CVE-2023-6830 Formidable Forms <= 6.7 - HTML Injection — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-79 6.5 Medium2024-01-09
CVE-2023-6842 Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting — Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form BuilderCWE-79 4.4 Medium2024-01-09

This page lists every published CVE security advisory associated with strategy11team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.