PT-2024-15507 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized access of data due to a missing capability check on the g...

PT-2024-15505 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15508 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validatio...

WordPress Views for WPForms Plugin <= 3.2.2 is vulnerable to Broken Access Control

Software Views for WPForms Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0370 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2bf8391974fc Credits Francesco Carlucci Required...

Views for WPForms < 3.2.3 - Missing Authorization via save_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for...

Views for WPForms < 3.2.3 - Cross-Site Request Forgery via save_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'saveview' function. This makes it...

Views for WPForms < 3.2.3 - Missing Authorization via create_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for...

Views for WPForms < 3.2.3 - Missing Authorization via get_form_fields

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for...

Views for WPForms < 3.2.3 - Cross-Site Request Forgery via create_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'createview' function. This makes it...

WordPress WPForms Pro Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS)

Software WPForms Pro Type Plugin Vulnerable versions = 1.8.5.3 Fixed in 1.8.5.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7063 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b002ca3b6fb7 Credits drop Required...

CVE-2023-7063

The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Cross site scripting

The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2023-7063

The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2023-7063

CVE-2023-7063 affects the WPForms Pro WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via form submission parameters in all versions up to and including 1.8.5.3, caused by insufficient input sanitization and output escaping. Exploitation is possible by unauthenticated a...

CVE-2023-7063

The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

PT-2024-15192 · WordPress · Wpforms Pro

Name of the Vulnerable Software and Affected Versions: WPForms Pro versions up to, and including, 1.8.5.3 Description: The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters due to insufficient input sanitization and output escaping. This...

WordPress plugin WPForms Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WPForms Pro < 1.8.5.4 - Unauthenticated Stored Cross-Site Scripting via Form Submission

Description The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-31095

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...