CVE-2022-44628

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...

CVE-2022-44628

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...

CVE-2022-36791

Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...

CVE-2022-36791

Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...

Cross site scripting

Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...

CVE-2022-36791

The CVE-2022-36791 entry covers a Stored Cross-Site Scripting (XSS) in the WordPress plugin Awesome UG Torro Forms

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

CVE-2022-40191

Authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in Ali Khallad's Contact Form By Mega Forms plugin = 1.2.4 at WordPress...

CVE-2022-40191 WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in Ali Khallad's Contact Form By Mega Forms plugin = 1.2.4 at WordPress...

PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms

Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...

WordPress Forms by Pie Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to Forms by Pie Forms plugin 1.4.9.4, whi...

WordPress Smart Forms Plugin Information Disclosure Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...

CVE-2021-24689 Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...

CVE-2021-24889

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

CVE-2021-24628

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection...

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Wow Forms plugin in version 3.1.3 and earlier, which stems fr...

WordPress Ninja Forms Plugin < 3.5.8 Multiple Vulnerabilities

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

VulnCheck KEV: CVE-2021-24647

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...

CVE-2021-34647

The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...