CVE-2024-44063

CVE-2024-44063 affects the WordPress plugin Happyforms. A stored XSS exists due to improper neutralization of input during web page generation, affecting Happyforms 1.26.0 and earlier. The risk is that malicious input could be stored and executed in user contexts. Remediation per connected source...

PT-2024-30931 · Unknown · Happyforms

Name of the Vulnerable Software and Affected Versions: Happyforms versions 1.26.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS or Stored XSS. This allows for the storage of malicious scripts in...

WordPress plugin Happyforms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Happyforms plugin <= 1.26.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin Happyforms versions = 1.26.0...

WordPress Happyforms Plugin <= 1.26.0 is vulnerable to Cross Site Scripting (XSS)

Software Happyforms Type Plugin Vulnerable versions = 1.26.0 Fixed in 1.26.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44063 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d6c37633b847 Credits Michael Required privilege Author Publish...

CVE-2024-23521

Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...

CVE-2024-23521

Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...

CVE-2024-23521 WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...

CVE-2024-23521 WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...

PT-2024-19923 · Unknown · Happyforms

Name of the Vulnerable Software and Affected Versions: Happyforms versions 1.25.10 and earlier Description: The issue is related to a Missing Authorization vulnerability in Happyforms. Recommendations: For versions 1.25.10 and earlier, update to a version later than 1.25.10 to resolve the issue...

WordPress plugin Happyforms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Happyforms < 1.25.11 - Missing Authorization

Description The plugin is vulnerable to unauthorized access due to a missing capability check, allowing unauthenticated attackers to perform unauthorized actions...

WordPress Happyforms Plugin <= 1.25.10 is vulnerable to Broken Access Control

Software Happyforms Type Plugin Vulnerable versions = 1.25.10 Fixed in 1.25.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23521 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b4266f49a3dd Credits Revan Arifio Required privileg...

Happyforms < 1.25.10 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in an hidden attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-48752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...

CVE-2023-48752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...

CVE-2023-48752 WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...

CVE-2023-48752

CVE-2023-48752 is a Reflected XSS in the WordPress Happyforms plugin (versions ≤ 1.25.9). Unauthenticated attackers could exploit input handling during page generation to execute script in a victim’s browser. Patch status varies by source: Wordfence lists the vulnerability as Unpatched for Happyf...

CVE-2023-48752 WordPress Happyforms Plugin <= 1.25.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...