100 matches found
Multi Step Form < 1.7.19 - Form Deletion via CSRF
Description The plugin does not have CSRF check when deleting forms in via a bulk action, which could allow attackers to make logged in admins delete arbitrary forms via a CSRF attack...
WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software Multi Step Form Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.19 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-25905 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c40d82e8e1e2 Credits Benmalek Aymen...
CVE-2023-50832
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...
CVE-2023-50832 WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...
CVE-2023-50832
CVE-2023-50832 affects Mondula Multi Step Form (WordPress plugin) with Stored XSS due to improper neutralization during web page generation. Affected versions: Multi Step Form
WordPress plugin Multi Step Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-31663 · Mondula Gmbh · Multi Step Form
Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.13 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations...
WordPress Multi Step Form Plugin <= 1.7.16 is vulnerable to Cross Site Scripting (XSS)
Software Multi Step Form Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50832 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5debd5a6baa3 Credits Benmalek Aymen centaurus Required...
CVE-2023-5990
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...
WordPress plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Interactive Contact Fo...
Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF
Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
CVE-2023-47758
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
CVE-2023-47758 WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
CVE-2023-47758
The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and
WordPress Plugin Multi Step Form Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-30591 · Mondula Gmbh · Multi Step Form
Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form plugin versions prior to 1.7.12 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
WordPress Multi Step Form Plugin <= 1.7.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software Multi Step Form Type Plugin Vulnerable versions = 1.7.12 Fixed in 1.7.13 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47758 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cf47dd5c9cf5 Credits thiennv Required...
CVE-2023-4950
The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks...