454 matches found
CVE-2023-31095
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...
Open redirect
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...
CVE-2023-31095
CVE-2023-31095 details an Open Redirect in the WordPress plugin Integration for Contact Form 7 HubSpot (cf7-hubspot). Affected versions are
WordPress Plugin Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Integration for...
CVE-2023-37982
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...
Open redirect
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...
CVE-2023-37982
CVE-2023-37982 involves an Open Redirect in the WordPress plugin Integrations for Contact Form 7 and Salesforce (CF7-Salesforce) up to version 1.3.3. The root cause is URL redirection to untrusted sites. A fixed version, 1.3.4, is available. Patch/mitigation: upgrade the plugin to 1.3.4 or later ...
CVE-2023-37982 WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...
CVE-2023-47779
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...
Open redirect
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...
CVE-2023-47779 WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...
CVE-2023-47779
CVE-2023-47779 describes an Open Redirect in the WordPress plugin Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms (up to version 1.1.4). Root cause is unvalidated redirect URL handling, enabling unauthenticated attackers to redirect users to a malicious site. ...
Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect
Description The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation a redirect url. This makes it possible for unauthenticated...
CVE-2023-31212
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...
CVE-2023-31212
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...
CVE-2023-31212
CVE-2023-31212 is a SQL Injection vulnerability affecting the WordPress plugin Contact Form Entries (and related variants) up to version 1.3.0. The issue arises from improper neutralization of inputs used in an SQL command, enabling injection under the plugin’s Authorized Contributor workflow. Pu...
WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Drag and Drop & Multiple Image Uploads With Preview For WPForms Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
CVE-2023-2321
The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
Cross site scripting
The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...