Lucene search
K

431 matches found

NVD
NVD
added 2022/06/16 1:15 p.m.13 views

CVE-2017-20055

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

5.4CVSS0.00794EPSS
Exploits1References3
Prion
Prion
added 2022/06/16 1:15 p.m.11 views

Cross site scripting

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

3.5CVSS5.3AI score0.00794EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/06/16 12:20 p.m.20 views

CVE-2017-20055 BestWebSoft Contact Form Plugin Stored cross site scriting

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

3.5CVSS5.3AI score0.00794EPSS
Exploits1References3
CVE
CVE
added 2022/06/16 12:20 p.m.38 views

CVE-2017-20055

The vulnerability CVE-2017-20055 affects BestWebSoft Contact Form Plugin for WordPress (version 4.0.0). It is described as a stored cross-site scripting (XSS) flaw arising from insufficient input filtering/escaping in the affected component, enabling remote exploitation. Multiple sources confirm ...

5.4CVSS4.5AI score0.00794EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/16 12:20 p.m.9 views

CVE-2017-20055 BestWebSoft Contact Form Plugin Stored cross site scriting

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

3.5CVSS5.6AI score0.00794EPSS
Exploits1References3
CNVD
CNVD
added 2022/03/02 12:0 a.m.31 views

WordPress WS Form plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WS Form plugin prior to 1.8.176, which stems from the WS...

4.8CVSS2AI score0.00588EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/02 12:0 a.m.15 views

WordPress Orange Form Plugin SQL Injection Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the Wordpress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the processbulkaction functi...

8.8CVSS3.5AI score0.00609EPSS
Exploits2References1
OSV
OSV
added 2022/02/28 9:15 a.m.4 views

CVE-2021-24704

In the Orange Form WordPress plugin through 1.0, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually...

8.8CVSS5.9AI score0.00609EPSS
Exploits2References1
OSV
OSV
added 2022/02/28 9:15 a.m.5 views

CVE-2021-24688

The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing...

4.3CVSS5.9AI score0.00426EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.2 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS5.9AI score0.02196EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.4 views

Wordpress Plugin Orange Form 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site request forgery vulnerability exists in Wordpress Orange Form Plugin 1.0.1 and prior versions,...

4.3CVSS5.7AI score0.00426EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.5 views

WordPress SQL注入漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the Wordpress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the processbulkaction functi...

8.8CVSS6.1AI score0.00609EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.5 views

WordPress plugin WS Form LITE and Pro 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WS Form plugin prior to 1.8.176, which stems from the WS...

4.8CVSS5.2AI score0.00588EPSS
Exploits1References2
CVE
CVE
added 2021/12/06 3:55 p.m.39 views

CVE-2021-24718

Affected software: ARForms Form Builder plugin for WordPress (versions < 1.5). Vulnerability: Stored Cross-Site Scripting (XSS) due to improper sanitization of certain settings, enabling high-privilege users to inject scripts even when unfiltered_html is disallowed. Impact: Cross-site scriptin...

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/03/27 12:0 a.m.28 views

WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress N5 Upload Form plugin versions = 1.0. Solution Plugin closed. Deactivate and delete...

9.8CVSS4.2AI score0.02207EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2020/02/12 12:0 a.m.2 views

Wordpress plugin contact-form remote file upload vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. Wordpress plugin contact-form has a remote file upload vulnerability. Allows ...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2019/10/14 12:0 a.m.3 views

WordPress liveforms plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. liveforms is a drag-and-drop form builder plugin used in it. A SQL injection vulnerability exists in the WordPress liveforms plugin. A...

9.8CVSS8AI score0.01869EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/14 12:0 a.m.3 views

WordPress contact-form-plugin plugin cross-site scripting vulnerability (CNVD-2019-36080)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/14 12:0 a.m.3 views

WordPress contact-form-plugin plugin cross-site scripting vulnerability (CNVD-2019-36071)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/14 12:0 a.m.3 views

WordPress contact-form-plugin plugin cross-site scripting vulnerability (CNVD-2019-36081)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
Rows per page
Query Builder