429 matches found
CVE-2023-44230
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions...
CVE-2023-44265
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions...
CVE-2023-44230
CVE-2023-44230 describes a Stored XSS vulnerability in the WordPress plugin “Popup contact form” by Gopi Ramasamy, affecting versions
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...
CVE-2023-44265
CVE-2023-44265 affects the WordPress plugin Popup contact form by Gopi Ramasamy, affected versions
WordPress Contact Form Plugin <= 2.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form; Type: Plugin; Vulnerable versions: <= 2.0.11; Fixed in: 2.0.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44231; Patch priority: Low; CVSS severity: Low (4.3); PSID: eacc1253c5af; Credits: Nguyen Xuan Chien...
CVE-2023-25981
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions...
CVE-2023-25981
CVE-2023-25981 is a Stored Cross-Site Scripting (XSS) vulnerability in WordPress BuddyForms plugin versions up to 2.8.1. The issue arises from insufficient input escaping in the Post Form workflow, enabling an attacker with Contributor privileges to inject scripts into a site. A fixed version is ...
PT-2023-23832 · Ays · Easy Form
Name of the Vulnerable Software and Affected Versions: Easy Form team Easy Form by AYS plugin versions 1.2.0 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For versions 1.2.0 an...
CVE-2023-3645
The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms
CVE-2023-37979 Unauth. Reflected Cross-Site...
CVE-2023-37979
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions...
CVE-2023-37979
The CVE-2023-37979 entry maps to the Ninja Forms WordPress plugin with reflected XSS in versions
CVE-2023-36384
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions...
CVE-2023-36384
CVE-2023-36384 affects the Booking Calendar Contact Form WordPress plugin, vulnerable in versions
CVE-2023-2300
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts...
CVE-2023-33328
CVE-2023-33328: A Stored Cross-Site Scripting (XSS) vulnerability in the PluginOps MailChimp Subscribe Form plugin (versions
PT-2023-21697 · Unknown · Mw Wp Form
Name of the Vulnerable Software and Affected Versions: MW WP Form versions v4.4.2 and earlier. Description: The issue allows a remote unauthenticated attacker to upload an arbitrary file due to an unrestricted upload of files with dangerous types. This may lead to potential security risks...