Lucene search
K

481 matches found

OSV
OSV
added 2022/12/19 2:15 p.m.7 views

CVE-2022-4024

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...

6.5CVSS5.9AI score0.00334EPSS
Exploits2References1
Prion
Prion
added 2022/12/19 2:15 p.m.24 views

Cross site request forgery (csrf)

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...

4.3CVSS6.6AI score0.00334EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.9 views

WordPress plugin Registration Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

6.5CVSS6.6AI score0.00334EPSS
Exploits2References2
CNVD
CNVD
added 2022/11/30 12:0 a.m.17 views

WordPress Google Forms plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Google Forms plug...

4.8CVSS4.9AI score0.00501EPSS
Exploits1References1
OSV
OSV
added 2022/11/28 2:15 p.m.4 views

CVE-2022-3834

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00501EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.7 views

PT-2022-24377 · WordPress · Google Forms

Name of the Vulnerable Software and Affected Versions: Google Forms WordPress plugin versions 0.95 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...

4.8CVSS4.6AI score0.00501EPSS
Exploits1References3
NVD
NVD
added 2022/11/03 8:15 p.m.13 views

CVE-2022-44628

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...

5.9CVSS0.00412EPSS
Exploits0References2
OSV
OSV
added 2022/11/03 8:15 p.m.6 views

CVE-2022-44628

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...

4.8CVSS5.8AI score0.00412EPSS
Exploits0References2
NVD
NVD
added 2022/09/23 3:15 p.m.25 views

CVE-2022-36791

Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...

5.4CVSS0.00458EPSS
Exploits0References2
OSV
OSV
added 2022/09/23 3:15 p.m.5 views

CVE-2022-36791

Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...

5.4CVSS5.8AI score0.00458EPSS
Exploits0References2
Prion
Prion
added 2022/09/23 3:15 p.m.19 views

Cross site scripting

Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...

4.9CVSS5.2AI score0.00458EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/09/23 2:22 p.m.63 views

CVE-2022-36791

The CVE-2022-36791 entry covers a Stored Cross-Site Scripting (XSS) in the WordPress plugin Awesome UG Torro Forms

5.4CVSS5.2AI score0.00458EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/19 2:15 p.m.2 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8CVSS7.3AI score0.10375EPSS
Exploits5References6
OSV
OSV
added 2022/09/09 3:15 p.m.5 views

CVE-2022-40191

Authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in Ali Khallad's Contact Form By Mega Forms plugin = 1.2.4 at WordPress...

5.4CVSS5.8AI score0.00438EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/09 2:39 p.m.38 views

CVE-2022-40191 WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in Ali Khallad's Contact Form By Mega Forms plugin = 1.2.4 at WordPress...

5.4CVSS5.4AI score0.00438EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.17 views

PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms

Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...

5.4CVSS5.2AI score0.00438EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.8 views

WordPress Forms by Pie Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to Forms by Pie Forms plugin 1.4.9.4, whi...

4.8CVSS5.7AI score0.00565EPSS
Exploits2References2
CNVD
CNVD
added 2022/03/09 12:0 a.m.23 views

WordPress Smart Forms Plugin Information Disclosure Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...

6.5CVSS6.2AI score0.00973EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/02/28 9:6 a.m.31 views

CVE-2021-24689 Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack...

5.3AI score0.01299EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...

6.1CVSS5.2AI score0.00907EPSS
Exploits2References1
Rows per page
Query Builder