431 matches found
CVE-2017-20055
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...
Cross site scripting
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...
CVE-2017-20055 BestWebSoft Contact Form Plugin Stored cross site scriting
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...
CVE-2017-20055
The vulnerability CVE-2017-20055 affects BestWebSoft Contact Form Plugin for WordPress (version 4.0.0). It is described as a stored cross-site scripting (XSS) flaw arising from insufficient input filtering/escaping in the affected component, enabling remote exploitation. Multiple sources confirm ...
CVE-2017-20055 BestWebSoft Contact Form Plugin Stored cross site scriting
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...
WordPress WS Form plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WS Form plugin prior to 1.8.176, which stems from the WS...
WordPress Orange Form Plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the Wordpress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the processbulkaction functi...
CVE-2021-24704
In the Orange Form WordPress plugin through 1.0, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually...
CVE-2021-24688
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
Wordpress Plugin Orange Form 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site request forgery vulnerability exists in Wordpress Orange Form Plugin 1.0.1 and prior versions,...
WordPress SQL注入漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the Wordpress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the processbulkaction functi...
WordPress plugin WS Form LITE and Pro 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WS Form plugin prior to 1.8.176, which stems from the WS...
CVE-2021-24718
Affected software: ARForms Form Builder plugin for WordPress (versions < 1.5). Vulnerability: Stored Cross-Site Scripting (XSS) due to improper sanitization of certain settings, enabling high-privilege users to inject scripts even when unfiltered_html is disallowed. Impact: Cross-site scriptin...
WordPress N5 Upload Form plugin <= 1.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress N5 Upload Form plugin versions = 1.0. Solution Plugin closed. Deactivate and delete...
Wordpress plugin contact-form remote file upload vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. Wordpress plugin contact-form has a remote file upload vulnerability. Allows ...
WordPress liveforms plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. liveforms is a drag-and-drop form builder plugin used in it. A SQL injection vulnerability exists in the WordPress liveforms plugin. A...
WordPress contact-form-plugin plugin cross-site scripting vulnerability (CNVD-2019-36080)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
WordPress contact-form-plugin plugin cross-site scripting vulnerability (CNVD-2019-36071)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
WordPress contact-form-plugin plugin cross-site scripting vulnerability (CNVD-2019-36081)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...