Lucene search
K

482 matches found

WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.23 views

WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting

Description The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this functio...

7.1CVSS6.3AI score0.00207EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.11 views

VulnCheck KEV: CVE-2023-0552

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...

5.4CVSS6.7AI score0.24263EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2023/11/09 12:0 a.m.11 views

The vulnerability of the Registration Forms plugin in the WordPress content management system allows a hacker to redirect users to arbitrary websites.

The vulnerability of the Registration Forms plugin in the WordPress content management system involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to redirect users to arbitrary websites...

5.5CVSS6.7AI score0.24263EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.20 views

WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.6.34 Fixed in 3.6.34 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5530 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a9b2d204bb4c Credits Jonathan Zamora Required...

4.8CVSS6AI score0.0062EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/11/06 9:15 p.m.3 views

CVE-2023-5530

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use ...

4.8CVSS5.8AI score0.0062EPSS
Exploits2References2
OSV
OSV
added 2023/10/31 12:15 p.m.5 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

5.4CVSS7AI score0.00403EPSS
Exploits1References2
Patchstack
Patchstack
added 2023/10/24 12:0 a.m.8 views

WordPress Quill Forms Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software Quill Forms Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46610 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f234d1eb3578 Credits Abdi Pranata Required privilege...

6.5AI score0.00364EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/30 3:15 p.m.4 views

CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...

4.8CVSS7.3AI score0.00379EPSS
Exploits2References1
OSV
OSV
added 2023/07/17 2:15 p.m.5 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.4CVSS5.8AI score0.00367EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.9 views

PT-2023-16270 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4.4 Description: The issue is related to Stored Cross-Site Scripting, which could be caused by the lack of proper escaping of the form name. This could potentially be exploited by users with acce...

5.4CVSS6AI score0.00367EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/20 1:30 p.m.17 views

CVE-2023-35095 WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2021-4367

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...

5.4CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2023/06/07 2:15 a.m.3 views

CVE-2020-36717

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

8.8CVSS5.6AI score0.00478EPSS
Exploits1References2
Prion
Prion
added 2023/06/07 2:15 a.m.29 views

Authentication flaw

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

5.5CVSS6.8AI score0.00793EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/06/07 2:15 a.m.24 views

Design/Logic Flaw

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliformsformdeleteuploadedfile function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...

5CVSS5.3AI score0.00735EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.24 views

CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

8.8CVSS7.1AI score0.00478EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-12478

Name of the Vulnerable Software and Affected Versions: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.0.35 Description: The issue is related to Stored Cross-Site Scripting via Options Change, which occurs when using the flo import forms options...

6.4CVSS5.2AI score0.0067EPSS
Exploits1References7
Patchstack
Patchstack
added 2023/06/01 12:0 a.m.7 views

WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Broken Access Control

Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bb421c7db580 Credits WordFence Required privilege...

6.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/05/31 4:15 a.m.5 views

CVE-2023-2836

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS6.7AI score0.00604EPSS
Exploits2References3
CVE
CVE
added 2023/05/31 3:36 a.m.59 views

CVE-2023-2836

CVE-2023-2836 applies to the CRM Perks Forms plugin for WordPress. It is a stored XSS vulnerability in form settings, affecting versions up to and including 1.1.1. The root cause is insufficient input sanitization and output escaping, allowing an authenticated attacker with administrator-level pe...

4.8CVSS4.9AI score0.00604EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder