30 matches found
CVE-2026-8627
The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...
EUVD-2026-31023
The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $_SERVER['PHP_SELF'] into a form's action attribute without any input sanitization or...
CVE-2023-5990
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...
CVE-2024-6254
The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public...
GHSA-W8FQ-XGVH-CXC2 Silverstripe Forum Module CSRF Vulnerability
A number of form actions in the Forum module are directly accessible. A malicious user e.g. spammer can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting i...
Cross-site request forgery (CSRF)
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...
SUSE CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
DEBIAN-CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
SQL injection
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
UBUNTU-CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
PT-2023-30050 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue allows a remote attacker to obtain sensitive information via the form actions function in the managers.php file. Recommendations: For Cacti version 1.2.25, consider disabling the form actions functi...
Cacti SQL Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A SQL injection vulnerability exists in Cacti v1.2.25, which stems from...
CVE-2023-24388
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions create, duplicate, edit, delete...
Booking calendar, Appointment Booking System < 3.2.4 - Form Creation/Update/Deletion/Duplication via CSRF
The plugin does not have CSRF checks on some of its form actions such as creation/update/deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...
Cross-site Scripting (XSS)
Drupal is vulnerable to cross-site scripting. An attacker is able to inject malicious script via \Drupal\Core\Form\FormBuilder's renderPlaceholderFormAction and/or buildFormAction methods...
CVE-2019-19669
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html...