WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin FluentForm versions = 6.1.11...

WordPress plugin Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 安全漏洞

...

EUVD-2023-46411

Malicious code in bioql PyPI...

WordPress FluentForm plugin 5.1.16-6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read

Authenticated Subscriber+ PHP Object Injection To Arbitrary File Read vulnerability discovered by Webbernaut in WordPress Plugin FluentForm versions 5.1.16-6.1.1...

CVE-2023-41952

Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8...

WordPress Fluent Forms plugin <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin FluentForm versions = 6.0.2...

WordPress FluentForm plugin <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability

Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability discovered by mikemyers in WordPress Plugin FluentForm versions = 5.2.6...

CVE-2023-41952

Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8...

WordPress plugin FluentForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress FluentForm plugin <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting vulnerability

Authenticated Form Manager+ Stored Cross-Site Scripting vulnerability discovered by Ivan Kuzymchak in WordPress Plugin FluentForm versions = 5.1.19...

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9528 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 973bb3afee30 Credits Ivan Kuzymchak Required...

WordPress Fluentform plugin <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Mailchimp Integration Modification vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin FluentForm versions = 5.1.18...

WordPress FluentForm Plugin <= 5.1.18 is vulnerable to Broken Access Control

Software FluentForm Type Plugin Vulnerable versions = 5.1.18 Fixed in 5.1.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5053 Patch priority Low CVSS severity Low 4.2 Developer Claim ownership PSID 98f9a0a6e43d Credits Tobias Weißhaar kun19 Required...

WordPress fluentform plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra Yoel Indra Apelansa Joel Indra - Fourqinex Solutions in WordPress Plugin FluentForm versions = 5.1.19...

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6520 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8737e12493c8 Credits Joel Indra Yoel Indra...

CVE-2024-6518 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via input fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-6518 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via input fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-6520 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-6521 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

WordPress FluentForm plugin <= 5.1.15 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin FluentForm versions = 5.1.15...