Lucene search
K

100 matches found

WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.19 views

Multi Step Form < 1.7.19 - Form Deletion via CSRF

Description The plugin does not have CSRF check when deleting forms in via a bulk action, which could allow attackers to make logged in admins delete arbitrary forms via a CSRF attack...

5.8CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/12 12:0 a.m.13 views

WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.19 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-25905 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c40d82e8e1e2 Credits Benmalek Aymen...

5.4CVSS6.6AI score0.00186EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/12/21 6:15 p.m.9 views

CVE-2023-50832

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

5.9CVSS0.00402EPSS
Exploits1References1
Prion
Prion
added 2023/12/21 6:15 p.m.17 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

4.3CVSS6.9AI score0.00402EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/12/21 5:23 p.m.28 views

CVE-2023-50832 WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

5.9CVSS5.9AI score0.00402EPSS
Exploits1References1
CVE
CVE
added 2023/12/21 5:23 p.m.72 views

CVE-2023-50832

CVE-2023-50832 affects Mondula Multi Step Form (WordPress plugin) with Stored XSS due to improper neutralization during web page generation. Affected versions: Multi Step Form

5.9CVSS6.5AI score0.00402EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.3 views

WordPress plugin Multi Step Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.1AI score0.00402EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.6 views

PT-2023-31663 · Mondula Gmbh · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.13 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations...

5.9CVSS5.6AI score0.00402EPSS
Exploits1References4
Patchstack
Patchstack
added 2023/12/19 12:0 a.m.11 views

WordPress Multi Step Form Plugin <= 1.7.16 is vulnerable to Cross Site Scripting (XSS)

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50832 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5debd5a6baa3 Credits Benmalek Aymen centaurus Required...

5.9CVSS6.6AI score0.00402EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/12/04 10:15 p.m.4 views

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

6.5CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.4 views

WordPress plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Interactive Contact Fo...

6.5CVSS6.5AI score0.0027EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF

Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

8.8CVSS6.9AI score0.00264EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/11/22 6:15 p.m.21 views

CVE-2023-47758

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

8.8CVSS0.00264EPSS
Exploits0References1
Prion
Prion
added 2023/11/22 6:15 p.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

6.8CVSS7.3AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/22 6:9 p.m.26 views

CVE-2023-47758 WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

5.4CVSS9AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 6:9 p.m.44 views

CVE-2023-47758

The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.3 views

WordPress Plugin Multi Step Form Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.5AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.6 views

PT-2023-30591 · Mondula Gmbh · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form plugin versions prior to 1.7.12 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...

8.8CVSS8.5AI score0.00264EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/11/13 12:0 a.m.11 views

WordPress Multi Step Form Plugin <= 1.7.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.12 Fixed in 1.7.13 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47758 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cf47dd5c9cf5 Credits thiennv Required...

8.8CVSS6.7AI score0.00264EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/10/16 8:15 p.m.25 views

CVE-2023-4950

The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

6.1CVSS6AI score0.0047EPSS
Exploits2References1
Rows per page
Query Builder