Survey Maker – Best WordPress Survey Plugin Security Vulnerabilities

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

CVE-2024-3549 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

CVE-2023-7264

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

CVE-2023-7264

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

CVE-2023-7264 Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

CVE-2024-5090

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5090

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

CVE-2023-6748

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...

CVE-2023-6745

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...

CVE-2024-0627

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...

CVE-2024-0627

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...

CVE-2024-0653

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2024-0653

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2023-6748

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...

CVE-2023-6745

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: kubescape, zot, cadvisor, syft, grype, skaffold, nerdctl, runc, skopeo, trivy, ctop, kaniko, nvidia-device-plugin, kubernetes, ingress-nginx-controller, docker, buildkitd, k3d, kots, datadog-agent, k9s, telegraf, newrelic-infrastructure-agent, zarf, wolfictl,...

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: falco, go, dynamic-localpv-provisioner, k3d, restic, grpcurl, wireguard-go, gke-gcloud-auth-plugin,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, nginx-mainline, prometheus, skaffold, argo-cd, slsa-verifier, gatekeeper, amass, aactl, nghttp2, terraform-provider-azurerm, flux-source-controller, stakater-reloader, nats, pulumi-language-java,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: grafana, capslock, jaeger-agent, step-ca, rook, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, gitlab-runner, grype, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines, prometheus-alertmanager,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: spegel, wireguard-go, prometheus-beat-exporter, prometheus-alertmanager, vertical-pod-autoscaler, slsa-verifier, gatekeeper, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, jaeger-agent, step-ca, mage, kubernetes-dashboard-metrics-scraper, spegel, logstash-exporter, wireguard-go, gitlab-runner, prometheus-beat-exporter, gke-gcloud-auth-plugin, skaffold, ksops, prometheus-alertmanager, http-echo, gobump,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, jaeger-agent, step-ca, mage, kubernetes-dashboard-metrics-scraper, spegel, logstash-exporter, wireguard-go, gitlab-runner, prometheus-beat-exporter, gke-gcloud-auth-plugin, skaffold, ksops, prometheus-alertmanager, http-echo, gobump,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: spegel, pluto, wireguard-go, prometheus-beat-exporter, ksops, prometheus-alertmanager, slsa-verifier, gatekeeper, ctop, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: dive, kubernetes-dashboard-metrics-scraper, tctl, wireguard-go, gitlab-runner, prometheus, gke-gcloud-auth-plugin, skaffold, prometheus-alertmanager, vertical-pod-autoscaler, argo-cd, thanos-operator, gatekeeper, bank-vaults, aactl, k3d, trillian, cloud-sql-proxy,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: grafana, capslock, jaeger-agent, step-ca, rook, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, gitlab-runner, grype, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines, prometheus-alertmanager,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: falco, go, dynamic-localpv-provisioner, k3d, restic, grpcurl, wireguard-go, gke-gcloud-auth-plugin,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: gops, nats, metrics-server, smarter-device-manager, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, go-md2man, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, cilium-envoy, aws-flb-cloudwatch, local-path-provisioner, falco, influx,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: spegel, wireguard-go, prometheus-beat-exporter, prometheus-alertmanager, vertical-pod-autoscaler, slsa-verifier, gatekeeper, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: dive, kubernetes-dashboard-metrics-scraper, tctl, wireguard-go, gitlab-runner, prometheus, gke-gcloud-auth-plugin, skaffold, prometheus-alertmanager, vertical-pod-autoscaler, argo-cd, thanos-operator, slsa-verifier, gatekeeper, bank-vaults, istio-pilot-discovery,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: lazygit, capslock, dive, jaeger-agent, step-ca, mage, kubernetes-dashboard-metrics-scraper, spegel, logstash-exporter, wireguard-go, gitlab-runner, prometheus-beat-exporter, gke-gcloud-auth-plugin, skaffold, ksops, prometheus-alertmanager, http-echo, gobump,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: spegel, pluto, wireguard-go, prometheus-beat-exporter, ksops, prometheus-alertmanager, slsa-verifier, gatekeeper, ctop, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: spegel, pluto, wireguard-go, prometheus-beat-exporter, ksops, prometheus-alertmanager, slsa-verifier, gatekeeper, ctop, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...