60 matches found
CVE-2024-10054
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10054 Happyforms < 1.26.3 - Admin+ Stored XSS
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10054 Happyforms < 1.26.3 - Admin+ Stored XSS
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10054
The CVE-2024-10054 entry concerns the WordPress Happyforms plugin (versions before 1.26.3). Affected component: settings sanitization/escaping in the plugin allows high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting, potentially even when unfiltered_html is disallowed (nota...
PT-2025-21393 · WordPress · Happyforms
Name of the Vulnerable Software and Affected Versions: Happyforms versions prior to 1.26.3 Description: The issue concerns the Happyforms plugin for WordPress, where certain settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to perform...
WordPress plugin Happyforms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-44063
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0...
CVE-2024-44063
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0...
CVE-2024-44063 WordPress Happyforms plugin <= 1.26.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0...
CVE-2024-44063
CVE-2024-44063 affects the WordPress plugin Happyforms. A stored XSS exists due to improper neutralization of input during web page generation, affecting Happyforms 1.26.0 and earlier. The risk is that malicious input could be stored and executed in user contexts. Remediation per connected source...
CVE-2024-44063 WordPress Happyforms plugin <= 1.26.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0...
WordPress plugin Happyforms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-30931 · Unknown · Happyforms
Name of the Vulnerable Software and Affected Versions: Happyforms versions 1.26.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS or Stored XSS. This allows for the storage of malicious scripts in...
WordPress Happyforms plugin <= 1.26.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Happyforms versions = 1.26.0...
WordPress Happyforms Plugin <= 1.26.0 is vulnerable to Cross Site Scripting (XSS)
Software Happyforms Type Plugin Vulnerable versions = 1.26.0 Fixed in 1.26.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44063 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d6c37633b847 Credits Michael Required privilege Author Publish...
CVE-2024-23521
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...
CVE-2024-23521
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...
CVE-2024-23521 WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...
CVE-2024-23521 WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...
PT-2024-19923 · Unknown · Happyforms
Name of the Vulnerable Software and Affected Versions: Happyforms versions 1.25.10 and earlier Description: The issue is related to a Missing Authorization vulnerability in Happyforms. Recommendations: For versions 1.25.10 and earlier, update to a version later than 1.25.10 to resolve the issue...