CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...

CVE-2022-23180

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...

CVE-2023-50832 WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

CVE-2023-50829 WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.3...

CVE-2023-29096

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a throug...

Arbitrary file deletion

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary...

WordPress Plugin Contact Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Simple Long Form Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Long Form Type Plugin Vulnerable versions = 2.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-41136 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f92f4ede21be Credits DoYeon Park p6rkdoye0n Required privile...

CVE-2023-47758

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

CVE-2023-47758 WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

CVE-2023-47758

The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and

CVE-2023-35910 WordPress Quasar form Plugin <= 6.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nucleusgenius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0...

CVE-2023-24410

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin –...

CVE-2023-24410

CVE-2023-24410: WordPress plugin FluentForm (Contact Form Plugin – Fastest Contact Form Builder)

WordPress Plugin Contact Form Plugin - Fastest Contact Form Builder Plugin for WordPress by Fluent Forms SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Contact Form Plugin -...

PT-2023-29670 · WordPress · Easy Testimonial Slider/Form

Name of the Vulnerable Software and Affected Versions: Easy Testimonial Slider and Form versions 1.0.18 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can...

WordPress Easy Testimonial Slider and Form Plugin <= 1.0.18 is vulnerable to Cross Site Scripting (XSS)

Software Easy Testimonial Slider and Form Type Plugin Vulnerable versions = 1.0.18 Fixed in 1.0.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45754 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 10c1fae73b88 Credits Rio...

CVE-2023-44231

Cross-Site Request Forgery CSRF vulnerability in NickDuncan Contact Form plugin = 2.0.10 versions...

WordPress Plugin Contact Form Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

CVE-2023-25463

Cross-Site Request Forgery CSRF vulnerability in Gopi Ramasamy WP tell a friend popup form plugin = 7.1 versions...