Lucene search

K

Google Forms Security Vulnerabilities

cve
cve

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

8.8CVSS

8.9AI Score

0.001EPSS

2023-07-17 02:15 PM
9
cve
cve

CVE-2023-2333

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

6.1CVSS

6.3AI Score

0.001EPSS

2023-07-04 08:15 AM
16
cve
cve

CVE-2023-2324

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

6.1CVSS

6.3AI Score

0.001EPSS

2023-07-04 08:15 AM
11
cve
cve

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF.....

6.5CVSS

6.5AI Score

0.001EPSS

2023-06-27 02:15 PM
14
cve
cve

CVE-2022-3834

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

4.8CVSS

4.7AI Score

0.001EPSS

2022-11-28 02:15 PM
26
4
cve
cve

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS

7.4AI Score

0.001EPSS

2022-10-12 11:15 PM
421
7
cve
cve

CVE-2018-20988

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA...

7.5CVSS

7.7AI Score

0.001EPSS

2019-08-22 07:15 PM
29