WordPress plugin WPForms User Registration 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...

WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability

Authenticated Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPForms User Registration versions = 2.1.0...

WordPress WPForms User Registration Plugin <= 2.1.0 is vulnerable to Privilege Escalation

Software WPForms User Registration Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-52209 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 78ca3b70599d Credits...

Upload Fields for WPForms <= 1.0.2 - Missing Authorization

Description The Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.2. This makes it...

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2...

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2...

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2...

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2...

CVE-2024-35661

CVE-2024-35661 is a Missing Authorization vulnerability in SoftLab Upload Fields for WPForms. Public records show impact on the WPForms Upload Fields component, affecting versions up to 1.0.2 (and possibly earlier per the entry). The NVD metrics indicate a CRITICAL score (CVSS v3.1: 9.8) with net...

WordPress plugin Upload Fields for WPForms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Upload Fields for WPForms versions = 1.0.2...

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5...

WordPress Upload Fields for WPForms Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software Upload Fields for WPForms Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35661 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f07470eaffa8 Credits Majed Refaea Required...

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.2.1 - Cross-Site Request Forgery

Description The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the settingspage function. This makes...

CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...

CVE-2024-34817

CVE-2024-34817 is a CSRF vulnerability in the Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms WordPress plugin. Affected versions are up to 1.2.0 (exact start version not provided). The vulnerability allows unauthorized cross-site actions due to CSRF, with the CVSS/a...

CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...

WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34817 Patch priority Low CVSS severity Low 4.3 Developer...

Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation

Description The Contact Form by WPForms – Drag & Drop Form Builder for WordPress is vulnerable to price manipulation. This is due to a lack of controls on several product parameters, making it possible for unauthenticated attackers to manipulate prices, product information, and quantities for...