17 matches found

EUVD
Added 2025/10/07 12:30 a.m. | Views: 1

EUVD-2021-11804

Malware in sbrugna...

CVSS 8.8 | AI score 8.5 | EPSS 0.01678
Exploits: 1 | References: 3

EUVD
Added 2025/10/03 8:7 p.m. | Views: 2

EUVD-2024-16895

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00391
Exploits: 0 | References: 2

RedhatCVE
Added 2025/05/23 9:41 a.m. | Views: 5

CVE-2024-1121

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

CVSS 5.3 | AI score 6.7 | EPSS 0.00391
Exploits: 0 | References: 1

RedhatCVE
Added 2025/05/22 9:4 p.m. | Views: 3

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 8.8 | AI score 6.8 | EPSS 0.01678
Exploits: 1 | References: 1

Patchstack
Added 2024/02/06 12:0 a.m. | Views: 13

WordPress Advanced Forms Plugin <= 1.9.3.2 is vulnerable to Broken Access Control

Software: Advanced Forms; Type: Plugin; Vulnerable versions: <= 1.9.3.2; Fixed in: 1.9.3.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1121; Patch priority: Low; CVSS severity: Low 5.3; PSID: 5521bfbfd051; Credits: Francesco Carlucci; Required...

CVSS 5.3 | AI score 6.5 | EPSS 0.00391
Exploits: 0 | References: 3 | Affected Software: 1

NVD
Added 2024/02/05 10:16 p.m. | Views: 10

CVE-2024-1121

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

CVSS 5.3 | AI score 5.1 | EPSS 0.00391
Exploits: 0 | References: 2

CVE
Added 2024/02/05 9:21 p.m. | Views: 44

CVE-2024-1121

CVE-2024-1121 concerns the WordPress plugin Advanced Forms for ACF. The issue is a missing capability check in the function export_json_file(), affecting all versions up to and including 1.9.3.2, enabling unauthenticated attackers to export form settings (unauthorized data access). Public source...

CVSS 5.3 | AI score 6 | EPSS 0.00391
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
Added 2024/02/05 12:0 a.m. | Views: 2

WordPress plugin Advanced Forms for ACF security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.3 | AI score 6.5 | EPSS 0.00391
Exploits: 0 | References: 3

Positive Technologies
Added 2024/02/05 12:0 a.m. | Views: 3

PT-2024-16827 · WordPress · Advanced Forms For Acf

Name of the Vulnerable Software and Affected Versions: Advanced Forms for ACF plugin for WordPress versions prior to 1.9.3.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the export json file function. This allows unauthenticated attackers t...

CVSS 5.3 | AI score 6 | EPSS 0.00391
Exploits: 0 | References: 6

OSV
Added 2021/11/23 8:15 p.m. | Views: 12

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 8.8 | AI score 6.8
Exploits: 0 | References: 2

NVD
Added 2021/11/23 8:15 p.m. | Views: 13

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 8.8 | EPSS 0.01678
Exploits: 1 | References: 2

Prion
Added 2021/11/23 8:15 p.m. | Views: 11

Design/Logic Flaw

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVSS 6.5 | AI score 8.4 | EPSS 0.01678
Exploits: 1 | References: 2 | Affected Software: 1

CVE
Added 2021/11/23 7:16 p.m. | Views: 69

CVE-2021-24892

The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...

CVSS 8.8 | AI score 8.6 | EPSS 0.01678
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
Added 2021/11/23 7:16 p.m. | Views: 13

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

AI score 8.7 | EPSS 0.01678
Exploits: 1 | References: 2

CNNVD
Added 2021/11/23 12:0 a.m. | Views: 1

WordPress security vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Advanced Forms that allows an authenticated, remote...

CVSS 8.8 | AI score 8.2 | EPSS 0.01678
Exploits: 1 | References: 3

Patchstack
Added 2021/10/21 12:0 a.m. | Views: 17

WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms plugin to the latest available version, at least 1.6.9...

CVSS 8.8 | AI score 3.8 | EPSS 0.01678
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
Added 2021/10/21 12:0 a.m. | Views: 14

WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms Pro premium plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms Pro premium plugin to the latest available version, at least 1.6.9...

CVSS 8.8 | AI score 3.7 | EPSS 0.01678
Exploits: 1 | References: 3 | Affected Software: 1