Lucene search

K

Form Plugin For WordPress Security Vulnerabilities

cve
cve

CVE-2024-34826

Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-06-11 03:16 PM
25
cve
cve

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-11 08:15 AM
22
cve
cve

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-06-11 06:15 AM
24
cve
cve

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-06-11 06:15 AM
22
cve
cve

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

8.8CVSS

7.9AI Score

0.001EPSS

2024-06-07 10:15 AM
26
cve
cve

CVE-2024-4621

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example....

5.8AI Score

0.0004EPSS

2024-06-07 06:15 AM
30
cve
cve

CVE-2024-5665

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS

6.8AI Score

0.001EPSS

2024-06-06 08:15 AM
21
cve
cve

CVE-2024-5324

The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-06 02:15 AM
4
cve
cve

CVE-2024-5149

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...

6.5CVSS

7.2AI Score

0.0005EPSS

2024-06-05 05:15 AM
24
cve
cve

CVE-2023-45009

Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 09:15 AM
1
cve
cve

CVE-2024-4870

The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify...

7.2CVSS

7.1AI Score

0.001EPSS

2024-06-04 02:15 AM
1
cve
cve

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

4.3CVSS

7.3AI Score

0.0004EPSS

2024-06-03 12:15 PM
14
cve
cve

CVE-2024-4958

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...

7.1CVSS

6.7AI Score

0.001EPSS

2024-06-01 08:15 AM
6
cve
cve

CVE-2024-2295

The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-01 08:15 AM
6
cve
cve

CVE-2024-5085

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...

8.1CVSS

7.3AI Score

0.001EPSS

2024-05-23 03:15 PM
55
cve
cve

CVE-2024-5084

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files....

9.8CVSS

7.8AI Score

0.035EPSS

2024-05-23 03:15 PM
53
cve
cve

CVE-2024-2861

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-23 10:15 AM
55
cve
cve

CVE-2024-4261

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.4CVSS

7.2AI Score

0.0004EPSS

2024-05-22 01:15 PM
25
cve
cve

CVE-2024-2036

The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber....

4.3CVSS

6.3AI Score

0.0004EPSS

2024-05-22 09:15 AM
26
cve
cve

CVE-2024-4157

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....

7.5CVSS

7AI Score

0.001EPSS

2024-05-22 08:15 AM
28
cve
cve

CVE-2024-3155

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-21 03:15 AM
30
cve
cve

CVE-2024-4709

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it....

7.2CVSS

5.7AI Score

0.001EPSS

2024-05-18 08:15 AM
30
cve
cve

CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,.....

7.5CVSS

6.5AI Score

0.0005EPSS

2024-05-18 08:15 AM
46
cve
cve

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.8AI Score

0.001EPSS

2024-05-18 08:15 AM
30
cve
cve

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...

9.8CVSS

7.7AI Score

0.001EPSS

2024-05-18 08:15 AM
52
cve
cve

CVE-2024-34756

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 10:15 AM
24
cve
cve

CVE-2024-34755

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 10:15 AM
27
cve
cve

CVE-2023-23990

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

7.6CVSS

6.9AI Score

0.0004EPSS

2024-05-17 07:15 AM
24
cve
cve

CVE-2024-4373

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-15 02:15 AM
12
cve
cve

CVE-2024-4144

The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of...

6.5CVSS

9.6AI Score

0.001EPSS

2024-05-14 04:17 PM
25
cve
cve

CVE-2024-4333

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...

6.4CVSS

8.2AI Score

0.001EPSS

2024-05-14 04:17 PM
24
cve
cve

CVE-2024-4150

The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scf_email’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS

8.4AI Score

0.001EPSS

2024-05-14 03:42 PM
29
cve
cve

CVE-2024-34817

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-05-14 03:39 PM
7
cve
cve

CVE-2024-3637

The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.....

5.6AI Score

0.0004EPSS

2024-05-03 06:15 AM
27
cve
cve

CVE-2024-3870

The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...

5.3CVSS

6.7AI Score

0.001EPSS

2024-05-02 05:15 PM
30
cve
cve

CVE-2024-3715

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS

6AI Score

0.0005EPSS

2024-05-02 05:15 PM
28
cve
cve

CVE-2024-3717

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to.....

5.3CVSS

9.2AI Score

0.0005EPSS

2024-05-02 05:15 PM
27
cve
cve

CVE-2024-3649

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to...

5.3CVSS

6.6AI Score

0.001EPSS

2024-05-02 05:15 PM
27
cve
cve

CVE-2024-3585

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...

5.3CVSS

5AI Score

0.001EPSS

2024-05-02 05:15 PM
21
cve
cve

CVE-2024-3295

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for...

6.5CVSS

6.5AI Score

0.001EPSS

2024-05-02 05:15 PM
47
cve
cve

CVE-2024-2867

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-02 05:15 PM
29
cve
cve

CVE-2024-2542

The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
39
cve
cve

CVE-2024-2417

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for...

8.8CVSS

8.8AI Score

0.001EPSS

2024-05-02 05:15 PM
43
cve
cve

CVE-2024-2082

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS

6AI Score

0.0005EPSS

2024-05-02 05:15 PM
32
cve
cve

CVE-2024-2043

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated...

5.3CVSS

6.6AI Score

0.001EPSS

2024-05-02 05:15 PM
43
cve
cve

CVE-2024-1945

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for.....

7.1CVSS

6.3AI Score

0.0004EPSS

2024-05-02 05:15 PM
26
cve
cve

CVE-2024-1416

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....

4.3CVSS

6.6AI Score

0.001EPSS

2024-05-02 05:15 PM
35
cve
cve

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

4.3CVSS

6.3AI Score

0.001EPSS

2024-05-02 05:15 PM
30
cve
cve

CVE-2024-0847

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete...

4.3CVSS

6.3AI Score

0.0005EPSS

2024-05-02 05:15 PM
25
cve
cve

CVE-2024-2258

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping....

4.4CVSS

5.7AI Score

0.0004EPSS

2024-04-27 04:15 AM
31
Total number of security vulnerabilities292