138 matches found
CVE-2024-1668
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...
CVE-2023-33311
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...
CVE-2022-42129
An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2017-20194
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2017-20194
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...
CVE-2017-20194 Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...
PT-2024-10603 · WordPress · Formidable Form Builder
Name of the Vulnerable Software and Affected Versions: Formidable Form Builder plugin for WordPress versions up to, and including, 2.05.03 Description: The issue allows unauthenticated attackers to export all form entries for a given form via the frm forms preview AJAX action. This enables the...
PT-2024-10601
Name of the Vulnerable Software and Affected Versions Formidable Form Builder plugin for WordPress versions prior to 2.05.03 Description The issue allows unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser due to insufficient input sanitization and output...
VulnCheck KEV: CVE-2017-20192
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'afterhtml' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-3585
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...
WordPress Contact Form Entries plugin <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Contact Form Entries versions = 1.3.8...
WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...
Design/Logic Flaw
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...
PT-2024-18212 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to and including 7.11.5 Description: The issue allows authenticated attackers with contributor access and above to view the contents of all form submissions,...
WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...
Avada < 7.11.6 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...