Lucene search
+L

253 matches found

Cvelist
Cvelist
added 2025/03/31 12:55 p.m.21 views

CVE-2025-31615 WordPress Simple Contact Forms plugin <= 1.6.4 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows Stored XSS.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

7.1CVSS0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.4 views

WordPress plugin Simple Contact Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

7.1CVSS7.6AI score0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 7:57 a.m.11 views

CVE-2024-29117

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0...

7.1CVSS8.6AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:11 a.m.6 views

CVE-2024-49235

Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through = 1.10.2...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References1
NVD
NVD
added 2025/02/01 4:15 a.m.24 views

CVE-2024-12184

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accuaformsdownloadsubmittedfile function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download...

5.3CVSS0.00377EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/31 11:17 p.m.9 views

WordPress WordPress Contact Forms by Cimatti plugin <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download vulnerability

Missing Authorization to Unauthenticated Form Submission Download vulnerability discovered by rcl25 in WordPress Plugin Contact Forms by Cimatti versions = 1.9.4...

5.3CVSS7AI score0.00377EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/12/13 3:15 p.m.6 views

CVE-2023-35051

Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7...

8.8CVSS5.8AI score0.00541EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.5 views

CVE-2023-34387

Missing Authorization vulnerability in Constant Contact Constant Contact Forms constant-contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through = 2.0.3...

4.3CVSS5.8AI score0.00462EPSS
Exploits0References3
NVD
NVD
added 2024/12/13 3:15 p.m.15 views

CVE-2023-34387

Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3...

4.3CVSS0.00462EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.5 views

CVE-2023-35051

Missing Authorization vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through = 1.5.7...

8.8CVSS5.8AI score0.00541EPSS
Exploits0References3
NVD
NVD
added 2024/12/13 3:15 p.m.29 views

CVE-2023-35051

Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7...

8.8CVSS0.00541EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.10 views

CVE-2023-35051 WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through = 1.5.7...

5.4CVSS5.8AI score0.00541EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.27 views

CVE-2023-35051 WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7...

5.4CVSS0.00541EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:23 p.m.54 views

CVE-2023-35051

CVE-2023-35051 affects the WordPress plugin Contact Forms by Cimatti (≤ 1.5.7). It is a Broken Access Control issue caused by missing authorization checks, enabling improper access. Patchstack documents a fix in 1.5.8; upgrade to 1.5.8 or newer to mitigate. CVSSv3.1 from Patchstack is 5.4 (MEDIUM...

8.8CVSS5.1AI score0.00541EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.21 views

CVE-2023-34387 WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3...

4.3CVSS0.00462EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.7 views

WordPress plugin Constant Contact Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS8.6AI score0.00462EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/27 2:20 p.m.8 views

WordPress WordPress Contact Forms by Cimatti plugin <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function vulnerability

Cross-Site Request Forgery via processbulkaction Function vulnerability discovered by vgo0 in WordPress Plugin Contact Forms by Cimatti versions = 1.9.2...

4.3CVSS7AI score0.00212EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/27 11:15 a.m.5 views

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

4.3CVSS5.7AI score0.00212EPSS
Exploits0References5
NVD
NVD
added 2024/11/27 11:15 a.m.43 views

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

4.3CVSS0.00212EPSS
Exploits0References5
CVE
CVE
added 2024/11/27 11:3 a.m.68 views

CVE-2024-10521

CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...

4.3CVSS4.3AI score0.00212EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder