WordPress 5280 Bootstrap Modal Contact Form plugin <= 1.0 - Cross-Site Request Forgery to Bulk Delete Messages vulnerability

Cross-Site Request Forgery to Bulk Delete Messages vulnerability discovered by Nathaniel Oh 0x4n3 in WordPress Plugin 5280 Bootstrap Modal Contact Form versions = 1.0...

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.8.9...

CVE-2024-32147

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23...

CVE-2024-32147

CVE-2024-32147 affects the Form Plugin Team – GhozyLab Easy Contact Form Lite (WordPress plugin). The vulnerability is a Stored Cross‑Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected versions are from n/a up to 1.1.23. Public details in provided...

CVE-2024-32147 WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23...

WordPress Plugin Contact Form Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Easy Contact Form Lite versions = 1.1.23...

WordPress VS Contact Form plugin <= 14.7 - Sum Captcha Bypass vulnerability

Sum Captcha Bypass vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin VS Contact Form versions = 14.7...

WordPress VS Contact Form Plugin <= 14.7 is vulnerable to Bypass Vulnerability

Software VS Contact Form Type Plugin Vulnerable versions = 14.7 Fixed in 14.8 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-30540 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 88383ccd18bb Credits Kyle Sanchez Required privilege...

CVE-2024-1640

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

Input validation

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form < 2.10.2 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration

Description The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to...

WordPress Bit Form – Contact Form Plugin Plugin <= 2.10.1 is vulnerable to Insecure Direct Object References (IDOR)

Software Bit Form – Contact Form Plugin Type Plugin Vulnerable versions = 2.10.1 Fixed in 2.10.2 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-1640 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 608867152d52 Credits...

PT-2024-18188 · Bit Form · Contact Form Builder Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress versions up to, and including, 2.10.1 Description: The issue is related to insufficient user validation on the...

CVE-2024-1170

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and including,...

PT-2024-17195 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions

Name of the Vulnerable Software and Affected Versions: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress versions up to, and including, 2.8.7 Description: The issue is related to a missing capability check on...

WordPress Plugin WP Contact Form Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2024-24804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6...

CVE-2024-0618

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...

CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...