Lucene search
K

143 matches found

Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-18212 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to and including 7.11.5 Description: The issue allows authenticated attackers with contributor access and above to view the contents of all form submissions,...

6.5CVSS9.3AI score0.00658EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/03/07 12:0 a.m.9 views

WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...

6.4CVSS5.8AI score0.00593EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/01 12:0 a.m.22 views

Avada < 7.11.6 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view...

6.5CVSS6.2AI score0.00658EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/01/31 3:15 a.m.14 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.2AI score0.01219EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 3:15 a.m.4 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.9AI score0.01219EPSS
Exploits0References3
Prion
Prion
added 2024/01/31 3:15 a.m.15 views

Input validation

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

5.8CVSS8AI score0.01219EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/01/31 2:35 a.m.19 views

CVE-2024-1069 Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.5AI score0.01219EPSS
Exploits0References3
CVE
CVE
added 2024/01/31 2:35 a.m.56 views

CVE-2024-1069

CVE-2024-1069 affects the WordPress plugin “Contact Form Entries.” Versions up to and including 1.3.2 are vulnerable to arbitrary file uploads through insufficient validation in the view_page function. Authenticated attackers with administrator-level capabilities (or higher) can upload arbitrary ...

7.2CVSS7.8AI score0.01219EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/31 2:35 a.m.7 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.6AI score0.01219EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/01/31 12:0 a.m.12 views

WordPress Contact Form Entries Plugin <= 1.3.2 is vulnerable to Arbitrary File Upload

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-1069 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 192b96d23fe0 Credits István Márton Required privilege...

7.2CVSS6.8AI score0.01219EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.6 views

WordPress plugin Contact Form Entries Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

7.2CVSS7AI score0.01219EPSS
Exploits0References4
NVD
NVD
added 2024/01/16 4:15 p.m.23 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

7.8CVSS7.8AI score0.00428EPSS
Exploits2References1
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

7.8CVSS5.8AI score0.00428EPSS
Exploits2References1
Prion
Prion
added 2024/01/16 4:15 p.m.17 views

Design/Logic Flaw

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

4.4CVSS7.3AI score0.00428EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 3:52 p.m.16 views

CVE-2022-3604 Contact Form Entries < 1.3.0 - CSV Injection

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

7AI score0.00428EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:52 p.m.61 views

CVE-2022-3604

CVE-2022-3604 affects the WordPress plugin Contact Form Entries prior to version 1.3.0. The issue is that data exported to CSV is not validated, which can lead to CSV injection via the exported file. A PoC demonstrates crafting a CSV lead value like =5+5 that, when opened in a spreadsheet, can ex...

7.8CVSS7.7AI score0.00428EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.3 views

WordPress plugin Contact Form Entries Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

7.8CVSS6.6AI score0.00428EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-11597 · WordPress · Contact Form Entries

Name of the Vulnerable Software and Affected Versions: Contact Form Entries WordPress plugin versions prior to 1.3.0 Description: The issue concerns the Contact Form Entries WordPress plugin, which does not validate data when outputting it in a CSV file. This lack of validation could lead to CSV...

7.8CVSS7.7AI score0.00428EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.6 views

PT-2023-23234 · Wpforms +1 · Wpforms +2

Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms versions 1.3.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...

9.8CVSS9.8AI score0.0075EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2023/07/29 12:0 a.m.27 views

Ninja Forms < 3.6.26 - Subscriber+ Form Entries Export

Description The plugin does not have proper authorisation check in the processing function, which could allow any authenticated users, such as subscriber to export and download submitted form entries...

6.2AI score0.00427EPSS
Exploits0Affected Software1
Rows per page
Query Builder