10 matches found
CVE-2023-52192
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...
CVE-2024-13725
The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those...
PT-2024-32700 · Keap · Keap Official Opt-In Forms
Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms versions prior to 2.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations:...
WordPress Keap Official Opt-in Forms plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Keap Official Opt-in Forms versions = 2.0.3...
CVE-2023-52192
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS.This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...
WordPress plugin Keap Official Opt-in Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2024-14459 · Keap · Keap Official Opt-In Forms
Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms versions 1.0.11 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...
CVE-2023-6941
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite set...
PT-2024-15133 · WordPress · Keap Official Opt-In Forms
Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms WordPress plugin versions 1.0.11 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some...
Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...