454 matches found
CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0...
WordPress WPForms plugin < 1.9.1.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by WPscan in WordPress Plugin Contact Form by WPForms versions < 1.9.1.6...
CVE-2024-7056
The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-7056 WPForms < 1.9.1.6 - Admin+ Stored XSS
The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-7056
CVE-2024-7056 affects WPForms for WordPress (pre-1.9.1.6). The issue is caused by insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., Administrator) even when unfiltered_html is disabled (such as in multisite setups). The Red Hat and CVE lists...
WordPress Contact Form by WPForms Plugin < 1.9.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: < 1.9.1.6; Fixed in: 1.9.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7056; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9dc8b02dd1d6; Credits: WPscan; Require...
WordPress plugin WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-52347
CVE-2024-52347 is a stored XSS vulnerability described as Improper Neutralization of Input During Web Page Generation in the WordPress plugin/theme stack “Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera” (affected from n/a to 4.0). The issue arises from inadequate input ne...
CVE-2024-52347 WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS. This issue affects Website remote Install vor Gravity, WPForms,...
WordPress plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that allows you to set up a personal blog site on a PHP and MySQL server. WordPress plugin Website remote Install vor Gravity, WPForms,...
PT-2024-9554 · Stripe · Stripe
Name of the Vulnerable Software and Affected Versions: WPForms versions 1.8.4 through 1.9.2.1. Description: The issue is related to a missing capability check in the wpforms_is_admin_page function, which allows authenticated attackers with Subscriber-level access and above to refund payments and...
CVE-2024-10593
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This...
CVE-2024-10593 WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This...
CVE-2024-10593
CVE-2024-10593 affects the WPForms – Easy Form Builder for WordPress plugin (up to 1.9.1.6). The issue is a Cross-Site Request Forgery due to missing/incorrect nonce validation in the process_admin_ui function, allowing unauthenticated attackers to delete WPForms logs by tricking an admin into cl...
PT-2024-16390 · WordPress · Wpforms
Name of the Vulnerable Software and Affected Versions: WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress versions up to, and including, 1.9.1.6. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect...
WordPress plugin WPForms cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
WordPress WPForms – Easy Form Builder for WordPress plugin <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion vulnerability
Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form by WPForms versions <= 1.9.1.6...