429 matches found
CVE-2023-2528 Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...
CVE-2022-4774
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution...
CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution...
CVE-2023-22703
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin = 3.1.0 versions...
WordPress plugin Ninja Forms Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin MW WP Form code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress MW WP Form Plugin < 4.4.3 is vulnerable to Directory Traversal
Software: MW WP Form; Type: Plugin; Vulnerable versions: < 4.4.3; Fixed in: 4.4.3; OWASP Top 10: A5: Broken Access Control; Classification: Directory Traversal; CVE: N/A; Patch priority: Low; CVSS severity: Low (5.3); PSID: aac714a1b62d; Credits: Unknown; Required privilege: Unauthenticated...
CVE-2022-46799
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions...
CVE-2022-46799 WordPress Easy Testimonial Slider and Form Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions...
WordPress plugin Easy Testimonial Slider and Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-24386
The CVE refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Karishma Arora AI Contact Us Form” versions <= 1.0. The issue is described as Auth. (admin+) XSS, indicating that authenticated users with admin-level privileges can exploit it. The root cause document...
CVE-2023-0546
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form which will trigger for any visitor to...
CVE-2023-0546
CVE-2023-0546 affects the Contact Form Plugin WordPress plugin (pre-4.3.25). The issue is stored XSS via improper sanitization/escaping of the srcdoc attribute in iframes within the plugin’s custom HTML field, enabling a logged-in user with Contributor+ privileges to inject arbitrary JavaScript t...
PT-2023-16352 · WordPress · Contact-Form-Plugin
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin WordPress plugin versions prior to 4.3.25 Description: The issue allows a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form. This can be achieved by exploiting the improper...
Cross site scripting
A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be...
CVE-2014-125095 BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting
A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be...
CVE-2014-125095
CVE-2014-125095 affects BestWebSoft Contact Form Plugin for WordPress (plugin version 1.3.4). The vulnerability resides in the function bws_add_menu_render (file bws_menu/bws_menu.php) where manipulation of the bwsmn_form_email parameter leads to cross-site scripting. The issue can be triggered r...
CVE-2023-23885
Summary of CVE-2023-23885: Affected: WordPress Quick Contact Form plugin
CVE-2023-23971
Summary: CVE-2023-23971 affects the CodePeople WP Time Slots Booking Form WordPress plugin (versions ≤ 1.1.81). The root cause is an authenticated stored XSS due to insufficient sanitization/escaping in plugin settings, enabling an admin+ user to inject scripts that could be executed by other use...