Lucene search
K

138 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.20 views

CVE-2024-1668

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...

6.5CVSS6.5AI score0.00658EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.8 views

CVE-2023-33311

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...

6.5CVSS5.6AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.7 views

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3CVSS6.5AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 p.m.6 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

7.8CVSS6.7AI score0.00428EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 a.m.10 views

CVE-2017-20194

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...

5.3CVSS6.9AI score0.01098EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:16 a.m.5 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.7AI score0.01219EPSS
Exploits0References1
OSV
OSV
added 2024/10/16 8:15 a.m.3 views

CVE-2017-20194

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...

5.3CVSS5.8AI score0.01098EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/16 7:31 a.m.21 views

CVE-2017-20194 Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form...

5.3CVSS0.01098EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.4 views

PT-2024-10603 · WordPress · Formidable Form Builder

Name of the Vulnerable Software and Affected Versions: Formidable Form Builder plugin for WordPress versions up to, and including, 2.05.03 Description: The issue allows unauthenticated attackers to export all form entries for a given form via the frm forms preview AJAX action. This enables the...

5.3CVSS7.3AI score0.01098EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.11 views

PT-2024-10601

Name of the Vulnerable Software and Affected Versions Formidable Form Builder plugin for WordPress versions prior to 2.05.03 Description The issue allows unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser due to insufficient input sanitization and output...

8.3CVSS5.8AI score0.00999EPSS
Exploits2References7
VulnCheck KEV
VulnCheck KEV
added 2024/10/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-20192

The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'afterhtml' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

8.3CVSS5.8AI score0.00999EPSS
Exploits2References1
NVD
NVD
added 2024/05/02 5:15 p.m.22 views

CVE-2024-3585

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...

5.3CVSS5AI score0.00691EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/23 2:57 a.m.4 views

WordPress Contact Form Entries plugin <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Contact Form Entries versions = 1.3.8...

7.2CVSS5.8AI score0.00636EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.11 views

WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...

7.2CVSS5.6AI score0.00636EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2024/03/13 4:15 p.m.21 views

Design/Logic Flaw

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...

4CVSS6.7AI score0.00658EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-18212 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to and including 7.11.5 Description: The issue allows authenticated attackers with contributor access and above to view the contents of all form submissions,...

6.5CVSS9.3AI score0.00658EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/03/07 12:0 a.m.9 views

WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...

6.4CVSS5.8AI score0.00593EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/01 12:0 a.m.22 views

Avada < 7.11.6 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view...

6.5CVSS6.2AI score0.00658EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/01/31 3:15 a.m.14 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.2AI score0.01219EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 3:15 a.m.3 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.9AI score0.01219EPSS
Exploits0References3
Rows per page
Query Builder