Lucene search
+L

273 matches found

Positive Technologies
Positive Technologies
added 2024/05/18 12:0 a.m.14 views

PT-2024-22010 · WordPress · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.13 Description: The issue is related to Stored Cross-Site Scripting via form settings due to...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References7
OSV
OSV
added 2024/03/13 4:15 p.m.3 views

CVE-2023-6957

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...

5.4CVSS5.9AI score0.00382EPSS
Exploits0References2
CVE
CVE
added 2024/03/13 3:27 p.m.51 views

CVE-2023-6957

CVE-2023-6957 (Fluent Forms, WordPress) Stored XSS in Fluent Forms up to 5.1.9 caused by insufficient input sanitization and output escaping. Impact depends on who can create forms (admin/contributor range); scripts can execute when a user visits an injected page. Remediation: upgrade to a versio...

5.4CVSS5.5AI score0.00382EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/13 3:27 p.m.15 views

CVE-2023-6957 Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...

4.9CVSS6.8AI score0.00382EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.10 views

PT-2024-15140 · WordPress · Fluent Forms

Name of the Vulnerable Software and Affected Versions: Fluent Forms plugin for WordPress versions up to, and including, 5.1.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows attackers to inject arbitrary web...

5.4CVSS6.3AI score0.00382EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.6 views

WordPress Plugin Fluent Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.4CVSS5.8AI score0.00382EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.25 views

Fluent Forms < 5.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...

5.4CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/05 10:15 p.m.6 views

CVE-2023-6953

The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...

5.4CVSS5.9AI score0.00393EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.33 views

CVE-2023-6953 PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting

The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...

4.9CVSS5.3AI score0.00393EPSS
Exploits0References2
CVE
CVE
added 2024/02/05 9:21 p.m.59 views

CVE-2023-6953

CVE-2023-6953: The PDF Generator For Fluent Forms – The Contact Form Plugin (WordPress) is vulnerable to Stored XSS via header, PDF body, and footer content in all versions up to 1.1.7 due to insufficient input sanitization and output escaping. Affected versions are

5.4CVSS5.7AI score0.00393EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

WordPress plugin PDF Generator For Fluent Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. WordPress plugin PDF Generator Fo...

5.4CVSS6AI score0.00393EPSS
Exploits0References3
OSV
OSV
added 2024/01/27 6:15 a.m.8 views

CVE-2024-0618

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...

4.8CVSS7.3AI score0.0054EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/01/27 5:38 a.m.42 views

CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...

4.4CVSS4.9AI score0.0054EPSS
Exploits1References3
CVE
CVE
added 2024/01/27 5:38 a.m.81 views

CVE-2024-0618

CVE-2024-0618 affects the Fluent Form plugin for WordPress (Contact Form Plugin – Fastest Contact Form Builder) up to version 5.1.5. The issue is a stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping for imported form titles. The vulnerabi...

4.8CVSS5.3AI score0.0054EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/01/27 12:0 a.m.7 views

WordPress plugin Fluent Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.8CVSS6.7AI score0.0054EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.8 views

PT-2024-15694 · WordPress · Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via imported form titles du...

4.8CVSS5.4AI score0.0054EPSS
Exploits1References8
Patchstack
Patchstack
added 2024/01/23 12:0 a.m.16 views

WordPress PDF Generator For Fluent Forms Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software PDF Generator For Fluent Forms Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6953 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f3bea2a974ac Credits drop...

5.4CVSS6AI score0.00393EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/22 12:0 a.m.18 views

PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting

Description The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping...

4.9CVSS6AI score0.00393EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/20 12:0 a.m.13 views

Fluent Forms < 5.1.7 - Admin+ Stored Cross-Site Scripting via imported form title

Description The plugin is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...

4.3CVSS5.6AI score0.0054EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.29 views

Contact Form for Plugin by Fluent Forms < 5.0.9 - Insecure Direct Object Reference

Description The Contact Form for Plugin by Fluent Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 5.0.8 via the addIsRenderableFilter function due to missing validation on the publication status of a form. This makes it possible for...

6.8AI score0.00461EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder