
429 matches found

OSV
added 2024/08/20 4:15 a.m. · 2 views

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

6.5 CVSS · 6.4 AI score
Exploits 0 · References 2

OSV
added 2024/08/20 4:15 a.m. · 3 views

CVE-2024-7780

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...

7.2 CVSS · 5.9 AI score
Exploits 0 · References 4

OSV
added 2024/08/20 4:15 a.m. · 3 views

CVE-2024-7775

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

4.8 CVSS · 5.9 AI score
Exploits 0 · References 2

NVD
added 2024/08/20 4:15 a.m. · 29 views

CVE-2024-7702

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter a...

7.2 CVSS · 0.00452 EPSS
Exploits 0 · References 2

Patchstack
added 2024/08/20 12:0 a.m. · 8 views

WordPress Bit Form – Contact Form Plugin Plugin 2.0 - 2.13.9 is vulnerable to Arbitrary File Download

Software: Bit Form – Contact Form Plugin; Type: Plugin; Vulnerable versions: 2.0 - 2.13.9; Fixed in: 2.13.10; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-7777; Patch priority: Low; CVSS severity: Low 7.6; PSID: fefb4e6e44bf; Credits: siunam...

9 CVSS · 6.6 AI score · 0.01025 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/08/20 12:0 a.m. · 13 views

WordPress Bit Form – Contact Form Plugin Plugin 2.0 - 2.13.9 is vulnerable to Cross Site Scripting (XSS)

Software: Bit Form – Contact Form Plugin; Type: Plugin; Vulnerable versions: 2.0 - 2.13.9; Fixed in: 2.13.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-7775; Patch priority: Low; CVSS severity: Low 5.9; PSID: a79665250a6a; Credits: siunam; Required...

5.5 CVSS · 6.6 AI score · 0.00243 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/07/27 1:15 p.m. · 1 views

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 3

NVD
added 2024/07/27 1:15 p.m. · 17 views

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

5.4 CVSS · 0.00304 EPSS
Exploits 0 · References 3

CVE
added 2024/07/27 12:30 p.m. · 68 views

CVE-2024-6703

CVE-2024-6703 affects the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping in the description and btn_txt parameters, exploi...

5.4 CVSS · 4.8 AI score · 0.00304 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/07/27 12:15 p.m. · 14 views

CVE-2024-6521

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

4.8 CVSS · 0.00303 EPSS
Exploits 0 · References 3

NVD
added 2024/07/27 12:15 p.m. · 23 views

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

4.8 CVSS · 0.003 EPSS
Exploits 0 · References 3

CVE
added 2024/07/27 11:37 a.m. · 51 views

CVE-2024-6520

CVE-2024-6520 concerns the WordPress Fluent Forms Contact Form Plugin (Quiz, Survey, Drag & Drop) with a Stored Cross-Site Scripting flaw in versions up to 5.1.19, caused by insufficient input sanitization and output escaping. Exploitation requires Administrator-level privileges (and above) and c...

4.8 CVSS · 6 AI score · 0.003 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/07/27 11:37 a.m. · 25 views

CVE-2024-6520 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

4.4 CVSS · 6 AI score · 0.003 EPSS
Exploits 0 · References 3

CNNVD
added 2024/07/27 12:0 a.m. · 1 views

WordPress plugin Contact Form Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.5 CVSS · 6.3 AI score · 0.003 EPSS
Exploits 0 · References 4

CNNVD
added 2024/07/27 12:0 a.m. · 2 views

WordPress plugin Contact Form Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.5 CVSS · 6.4 AI score · 0.00303 EPSS
Exploits 0 · References 4

CNNVD
added 2024/07/27 12:0 a.m. · 4 views

WordPress plugin Contact Form Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 6.4 AI score · 0.00304 EPSS
Exploits 0 · References 4

CNNVD
added 2024/07/27 12:0 a.m. · 5 views

WordPress plugin Contact Form Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.5 CVSS · 6.4 AI score · 0.00303 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/07/27 12:0 a.m. · 3 views

PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

5.4 CVSS · 6 AI score · 0.00304 EPSS
Exploits 0 · References 7

Patchstack
added 2024/07/22 12:0 a.m. · 10 views

WordPress HTML Forms Plugin < 1.3.33 is vulnerable to Cross Site Scripting (XSS)

Software: HTML Forms; Type: Plugin; Vulnerable versions: 1.3.33; Fixed in: 1.3.33; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-6243; Patch priority: Low; CVSS severity: Low 5.9; PSID: 9d51e0c8f019; Credits: Majdeddine Ben Hadj Brahim...

5.9 CVSS · 5.8 AI score · 0.00333 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2024/07/09 7:38 a.m. · 50 views

CVE-2024-6123

CVE-2024-6123 (Bit Form, WordPress): The Bit Form plugin (WordPress) versions up to and including 2.13.3 are vulnerable to arbitrary file uploads due to missing file type validation in the iconUpload function. This allows an attacker with administrator-level or higher privileges to upload arbitra...

7.2 CVSS · 7.5 AI score · 0.00957 EPSS
Exploits 0 · References 3