Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acrobat...

CVE-2018-19796

CVE-2018-19796 – Open Redirect in Ninja Forms (WordPress) . Affected software: WordPress Ninja Forms plugin versions before 3.3.19.1. Component: lib/StepProcessing/step-processing.php (submission/download page). Root cause: improper handling of the redirect parameter enables remote attackers to r...

Design/Logic Flaw

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php aka submissions page begindate, enddate, or formid parameter...

CVE-2018-19287

CVE-2018-19287 affects WordPress Ninja Forms plugin

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2017-1000033

Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...

WordPress TDO Mini Forms Plugin <= 0.13.9 - Remote Code Execution

This plugin is prone to a remote code execution in tdomf-upload-inline.php. Solution Update the plugin...

WordPress A Forms Plugin <= 1.4.0 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...

WordPress A Forms Plugin <= 1.4.0 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability via: a-forms.php addfieldtosection function multiple parameter, a-forms.php aforminitialpage function multiple parameter, a-forms.php aformpage function multiple parameter, a-forms.php aformsectionpage Function message parameter,...

CVE-2015-2220

Multiple cross-site scripting XSS vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow 1 remote attackers to inject arbitrary web script or HTML via the ninjaformsfield1 parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php or 2 remote administrators to injec...

Code injection

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

WordPress Live Forms Plugin <= 1.2.0 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability, because form input fields on blog front-end are not filtered. The attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

Wordpress InfusionSoft Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

CVE-2014-6446

CVE-2014-6446 affects the WordPress Infusionsoft Gravity Forms Add-on. The vulnerability exists in versions 1.5.3–1.5.10 and stems from improper access restriction, enabling remote attackers to upload arbitrary files and execute PHP code via a request to utilities/code_generator.php. Affected sof...

A Forms 1.4.0 - a-forms.php a_form_shortcode Function Multiple Parameter XSS

The A Forms WordPress plugin was affected by an a-forms.php aformshortcode Function Multiple Parameter XSS security vulnerability...