Lucene search
K

10 matches found

Nuclei
Nuclei
added yesterday19 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's...

9.8CVSS6AI score0.02333EPSS
Exploits1References3
NVD
NVD
added 2024/05/22 8:15 a.m.37 views

CVE-2024-4157

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

8.8CVSS7.3AI score0.00696EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/05/22 7:37 a.m.26 views

CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

7.5CVSS6.5AI score0.00696EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/22 7:37 a.m.35 views

CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

7.5CVSS7.9AI score0.00696EPSS
Exploits1References2
CVE
CVE
added 2024/05/22 7:37 a.m.73 views

CVE-2024-4157

CVE-2024-4157 covers a PHP Object Injection vulnerability in the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” All versions up to and including 5.1.15 are affected via deserialization in the extractDynamicValues function. Exploitation re...

8.8CVSS7.9AI score0.00696EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.29 views

Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additiona...

9.8CVSS6.9AI score0.02333EPSS
Exploits2References1Affected Software1
Circl
Circl
added 2024/05/21 3:30 p.m.20 views

CVE-2024-2771

creationtimestamp| type| source ---|---|--- 2024-05-21 15:30:04+00:00| seen| https://t.me/HackingInsights/727 2025-08-03 09:00:06+00:00| published-proof-of-concept| Telegram/k9l6whAFym9ZbJh5WMNbuyJuC8dcnnMOMGxizovh2wCYo8 2025-08-05 21:02:20+00:00| seen|...

9.8CVSS5.7AI score0.02333EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.23 views

Contact Form Plugin by Fluent Forms < 5.1.14 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via form settings due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Fluent Forms settings, to inject arbitrary web scripts in pages that will execut...

9.8CVSS5.5AI score0.02333EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/05/20 12:0 a.m.25 views

WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Privilege Escalation

Software FluentForm Type Plugin Vulnerable versions = 5.1.16 Fixed in 5.1.17 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-2771 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d5d5aedf6c4b Credits Tobias...

9.8CVSS6.4AI score0.02333EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/05/18 8:15 a.m.38 views

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

9.8CVSS6.9AI score0.02333EPSS
Exploits1References2
Rows per page
Query Builder