CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/10/25 8:34 a.m.•5 views

CVE-2024-10016 File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4CVSS6AI score0.00373EPSS

CVE•added 2024/10/25 8:34 a.m.•43 views

CVE-2024-10016

CVE-2024-10016 affects the File Upload Types by WPForms WordPress plugin. A stored XSS was reported via SVG file uploads in all versions

6.4CVSS5.9AI score0.00373EPSS

Cvelist•added 2024/10/25 8:34 a.m.•33 views

CVE-2024-10016 File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4CVSS0.00373EPSS

Positive Technologies•added 2024/10/25 12:0 a.m.•2 views

PT-2024-15976 · Wpforms · File Upload Types

Name of the Vulnerable Software and Affected Versions: File Upload Types by WPForms plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allo...

6.4CVSS6AI score0.00373EPSS

Exploits0References7

CNNVD•added 2024/10/25 12:0 a.m.•18 views

WordPress plugin File Upload Types by WPForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin File Upload Typ...

6.4CVSS5.9AI score0.00373EPSS

Patchstack•added 2024/08/13 6:27 a.m.•2 views

WordPress PDF Builder for WPForms plugin <= 1.2.116 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin PDF Builder for WPForms versions = 1.2.116...

5.3CVSS7AI score0.00586EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/08/13 12:0 a.m.•5 views

WordPress PDF Builder for WPForms Plugin <= 1.2.116 is vulnerable to Full Path Disclosure (FPD)

Software PDF Builder for WPForms Type Plugin Vulnerable versions = 1.2.116 Fixed in 1.2.117 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-7414 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c08822324936 Credits stealthcopt...

5.3CVSS6.6AI score0.00586EPSS

Exploits0References3Affected Software1

NVD•added 2024/08/12 1:38 p.m.•9 views

CVE-2024-7414

The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has displayerrors on. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00586EPSS

CNNVD•added 2024/08/12 12:0 a.m.•2 views

WordPress plugin PDF Builder for WPForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00586EPSS

Cvelist•added 2024/08/09 9:30 a.m.•26 views

CVE-2024-7414 PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure

5.3CVSS0.00586EPSS

CVE•added 2024/08/09 9:30 a.m.•44 views

CVE-2024-7414

CVE-2024-7414 affects the PDF Builder for WPForms WordPress plugin. It allows Full Path Disclosure in all versions up to 1.2.116 via direct access to composer-setup.php (display_errors enabled), letting unauthenticated users retrieve the web app’s full path. This information can aid other attacks...

5.3CVSS5.1AI score0.00586EPSS

Vulnrichment•added 2024/08/09 9:30 a.m.•9 views

CVE-2024-7414 PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure

5.3CVSS6.8AI score0.00586EPSS

Positive Technologies•added 2024/08/09 12:0 a.m.•3 views

PT-2024-38330 · WordPress · Pdf Builder For Wpforms

Name of the Vulnerable Software and Affected Versions: PDF Builder for WPForms plugin for WordPress versions up to, and including, 1.2.116 Description: The issue is related to Full Path Disclosure, which occurs because the plugin allows direct access to the composer-setup.php file with display...

5.3CVSS6.8AI score0.00586EPSS

Exploits0References5

NVD•added 2024/08/01 9:15 p.m.•13 views

CVE-2023-52209

Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0...

8CVSS0.00345EPSS

Vulnrichment•added 2024/08/01 9:4 p.m.•11 views

CVE-2023-52209 WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0...

8CVSS7AI score0.00345EPSS

CVE•added 2024/08/01 9:4 p.m.•39 views

CVE-2023-52209

CVE-2023-52209 affects WPForms User Registration (WordPress plugin). Affected versions:

8CVSS7.9AI score0.00345EPSS

Cvelist•added 2024/08/01 9:4 p.m.•27 views

CVE-2023-52209 WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0...

8CVSS0.00345EPSS