143 matches found
PT-2024-18212 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to and including 7.11.5 Description: The issue allows authenticated attackers with contributor access and above to view the contents of all form submissions,...
WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...
Avada < 7.11.6 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
Input validation
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-1069 Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-1069
CVE-2024-1069 affects the WordPress plugin “Contact Form Entries.” Versions up to and including 1.3.2 are vulnerable to arbitrary file uploads through insufficient validation in the view_page function. Authenticated attackers with administrator-level capabilities (or higher) can upload arbitrary ...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
WordPress Contact Form Entries Plugin <= 1.3.2 is vulnerable to Arbitrary File Upload
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1069 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 192b96d23fe0 Credits István Márton Required privilege...
WordPress plugin Contact Form Entries Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
Design/Logic Flaw
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604 Contact Form Entries < 1.3.0 - CSV Injection
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604
CVE-2022-3604 affects the WordPress plugin Contact Form Entries prior to version 1.3.0. The issue is that data exported to CSV is not validated, which can lead to CSV injection via the exported file. A PoC demonstrates crafting a CSV lead value like =5+5 that, when opened in a spreadsheet, can ex...
WordPress plugin Contact Form Entries Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2024-11597 · WordPress · Contact Form Entries
Name of the Vulnerable Software and Affected Versions: Contact Form Entries WordPress plugin versions prior to 1.3.0 Description: The issue concerns the Contact Form Entries WordPress plugin, which does not validate data when outputting it in a CSV file. This lack of validation could lead to CSV...
PT-2023-23234 · Wpforms +1 · Wpforms +2
Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms versions 1.3.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...
Ninja Forms < 3.6.26 - Subscriber+ Form Entries Export
Description The plugin does not have proper authorisation check in the processing function, which could allow any authenticated users, such as subscriber to export and download submitted form entries...