CVE-2022-3574 WPForms Pro < 1.7.7 - CSV Injection

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...

CVE-2022-3574 WPForms Pro < 1.7.7 - CSV Injection

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...

WordPress plugin WPForms Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2022-22957 · WordPress · Wpforms Pro

Name of the Vulnerable Software and Affected Versions: WPForms Pro version 1.7.6 and earlier Description: The issue arises from the lack of validation of form data when generating exported CSV files, potentially leading to CSV injection. Recommendations: For WPForms Pro versions prior to 1.7.7,...

CVE-2022-3574

CVE-2022-3574 concerns WPForms Pro for WordPress, where versions before 1.7.7 do not validate form data while generating exported CSVs, enabling potential CSV injection. The vulnerability affects the CSV export logic, with CVSS v3.1 metrics indicating high severity (CRITICAL) across confidentiali...

WordPress Contact Form by WPForms plugin <= 1.7.5.3 - Authenticated Arbitrary File Access vulnerability

Authenticated Arbitrary File Access vulnerability discovered by Sybre Waaijer in WordPress Contact Form by WPForms plugin versions = 1.7.5.3. Solution Update the WordPress Contact Form by WPForms plugin to the latest available version at least 1.7.5.5...

WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms plugin <= 1.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms plugin versions = 1.3. Solution No patched version available...

WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms plugin <= 1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms plugin versions = 1.3. Solution No patched version available...

Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)

Exploit Title : Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting Authenticated Exploit Author : ZwX Exploit Date : 2020-10-23 Vendor Homepage : https://wpforms.com/ Download Plugin : https://downloads.wordpress.org/plugin/wpforms-lite.1.6.3.1.zip + Description Vulnerability:...

WordPress WP Forms 1.6.3.1 Cross SIte Scripting

Exploit Title : Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting Authenticated Exploit Author : ZwX Exploit Date : 2020-10-23 Vendor Homepage : https://wpforms.com/ Download Plugin : https://downloads.wordpress.org/plugin/wpforms-lite.1.6.3.1.zip + Description Vulnerability:...

WordPress Contact Form by WPForms plugin <= 1.6.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fortinet in WordPress Contact Form by WPForms plugin versions = 1.6.0.1. Solution Update the WordPress Contact Form by WPForms plugin to the latest available version at least 1.6.0.2...

Contact Form by WPForms < 1.6.0.2 - Authenticated Stored Cross-Site Scripting (XSS)

Vishnupriya Ilango from Fortinet's FortiGuard Labs discovered an authenticated stored Cross-Site Scripting issue via the choice label parameter inside the form builder that interacts with live preview...

Wordpress WPForms Plugin Cross-Site Scripting (CVE-2020-10385)

A cross-site scripting vulnerability exists in Wordpress WPForms plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

WordPress WPForms Contact Form Plugin < 1.5.9 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113660";...

WordPress WPForms Contact Form Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WPForms Contact Form is one of the contact form builder plugins. A cross-site scripting vulnerability exists in WordPres...

CVE-2020-10385

A stored cross-site scripting XSS vulnerability exists in the WPForms Contact Form aka wpforms-lite plugin before 1.5.9 for WordPress...

CVE-2020-10385

A stored cross-site scripting XSS vulnerability exists in the WPForms Contact Form aka wpforms-lite plugin before 1.5.9 for WordPress...

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in the WPForms Contact Form aka wpforms-lite plugin before 1.5.9 for WordPress...

WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

WordPress WPForms 1.5.9 Cross Site Scripting

Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...