273 matches found
PT-2024-22010 · WordPress · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.13 Description: The issue is related to Stored Cross-Site Scripting via form settings due to...
CVE-2023-6957
The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...
CVE-2023-6957
CVE-2023-6957 (Fluent Forms, WordPress) Stored XSS in Fluent Forms up to 5.1.9 caused by insufficient input sanitization and output escaping. Impact depends on who can create forms (admin/contributor range); scripts can execute when a user visits an injected page. Remediation: upgrade to a versio...
CVE-2023-6957 Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...
PT-2024-15140 · WordPress · Fluent Forms
Name of the Vulnerable Software and Affected Versions: Fluent Forms plugin for WordPress versions up to, and including, 5.1.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows attackers to inject arbitrary web...
WordPress Plugin Fluent Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Fluent Forms < 5.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...
CVE-2023-6953
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...
CVE-2023-6953 PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...
CVE-2023-6953
CVE-2023-6953: The PDF Generator For Fluent Forms – The Contact Form Plugin (WordPress) is vulnerable to Stored XSS via header, PDF body, and footer content in all versions up to 1.1.7 due to insufficient input sanitization and output escaping. Affected versions are
WordPress plugin PDF Generator For Fluent Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. WordPress plugin PDF Generator Fo...
CVE-2024-0618
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-0618
CVE-2024-0618 affects the Fluent Form plugin for WordPress (Contact Form Plugin – Fastest Contact Form Builder) up to version 5.1.5. The issue is a stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping for imported form titles. The vulnerabi...
WordPress plugin Fluent Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-15694 · WordPress · Fluent Forms
Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via imported form titles du...
WordPress PDF Generator For Fluent Forms Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software PDF Generator For Fluent Forms Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6953 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f3bea2a974ac Credits drop...
PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting
Description The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping...
Fluent Forms < 5.1.7 - Admin+ Stored Cross-Site Scripting via imported form title
Description The plugin is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...
Contact Form for Plugin by Fluent Forms < 5.0.9 - Insecure Direct Object Reference
Description The Contact Form for Plugin by Fluent Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 5.0.8 via the addIsRenderableFilter function due to missing validation on the publication status of a form. This makes it possible for...