481 matches found
CVE-2022-4024
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
Cross site request forgery (csrf)
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
WordPress plugin Registration Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress Google Forms plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Google Forms plug...
CVE-2022-3834
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-24377 · WordPress · Google Forms
Name of the Vulnerable Software and Affected Versions: Google Forms WordPress plugin versions 0.95 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...
CVE-2022-44628
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
CVE-2022-44628
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
CVE-2022-36791
Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...
CVE-2022-36791
Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...
Cross site scripting
Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...
CVE-2022-36791
The CVE-2022-36791 entry covers a Stored Cross-Site Scripting (XSS) in the WordPress plugin Awesome UG Torro Forms
CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
CVE-2022-40191
Authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in Ali Khallad's Contact Form By Mega Forms plugin = 1.2.4 at WordPress...
CVE-2022-40191 WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated subscriber+ Stored Cross-Site Scripting XSS vulnerability in Ali Khallad's Contact Form By Mega Forms plugin = 1.2.4 at WordPress...
PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms
Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...
WordPress Forms by Pie Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to Forms by Pie Forms plugin 1.4.9.4, whi...
WordPress Smart Forms Plugin Information Disclosure Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...
CVE-2021-24689 Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...