60 matches found

Nuclei
added 10 hours ago · 11 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting vulnerability caused by a lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in a victim's browser. Exploitation requires the attacker to craft a malicious request. id: CVE-2022-0879...

6.1 CVSS · 6.4 AI score · 0.00453 EPSS
Exploits 2 · References 3

RedhatCVE
added 2026/01/09 10:45 a.m. · 2 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1 CVSS · 6.7 AI score · 0.00453 EPSS
Exploits 2 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2018-19462

Malware in sbrugna...

4.8 CVSS · 4.9 AI score · 0.00751 EPSS
Exploits 4 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-11808

Malware in sbrugna...

4.8 CVSS · 4.9 AI score · 0.00206 EPSS
Exploits 2 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-33830

Malicious code in bioql PyPI...

8.8 CVSS · 9.2 AI score · 0.00162 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2024-45852

Malicious code in bioql PyPI...

6.5 CVSS · 8.7 AI score · 0.00231 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-15916

Malicious code in bioql PyPI...

6.1 CVSS · 6.3 AI score · 0.00453 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/05/23 3:17 a.m. · 2 views

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

8.8 CVSS · 8.5 AI score · 0.00162 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 6:24 p.m. · 4 views

CVE-2021-24896

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS · 5.9 AI score · 0.00206 EPSS
Exploits 2 · References 1

Positive Technologies
added 2024/10/15 12:0 a.m. · 2 views

PT-2024-10748 · Siteground · Siteground Optimizer

Name of the Vulnerable Software and Affected Versions: SiteGround Optimizer plugin for WordPress versions up to 5.0.12 Caldera Forms versions prior to the latest update Description: The vulnerability is related to authorization bypass, leading to Remote Code Execution and Local File Inclusion. Th...

9.8 CVSS · 8.9 AI score · 0.09631 EPSS
Exploits 0 · References 30

OpenVAS
added 2023/08/15 12:0 a.m. · 12 views

WordPress Caldera Forms Plugin < 1.9.5 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:calderaforms:calderaforms"; ifdescription...

4.8 CVSS · 5.3 AI score · 0.00206 EPSS
Exploits 2 · References 1

Patchstack
added 2023/07/19 12:0 a.m. · 7 views

WordPress Caldera Forms Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Software: Caldera Forms · Type: Plugin · Vulnerable versions: <= 1.7.4 · Fixed in: 1.7.5.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-33999 · Patch priority: High · CVSS severity: High (7.1) · Developer: Claim ownership · PSID: 9b20838a06d8 · Credits: Rafie Muhammad Patchstack · Required...

5.9 AI score
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/07/17 2:15 p.m. · 1 views

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

8.8 CVSS · 6 AI score · 0.00162 EPSS
Exploits 1 · References 1

Prion
added 2023/07/17 2:15 p.m. · 14 views

Cross site request forgery (csrf)

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

6.8 CVSS · 8.6 AI score · 0.00162 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/07/17 1:29 p.m. · 32 views

CVE-2023-2330

CVE-2023-2330 – Caldera Forms Google Sheets Connector (WordPress) What is affected: Caldera Forms Google Sheets Connector WordPress plugin, prior to version 1.3. Root cause: Missing CSRF protection when updating the Access Code, enabling a CSRF attack to change the access code when an admin is lo...

8.8 CVSS · 8.7 AI score · 0.00162 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/07/17 1:29 p.m. · 13 views

CVE-2023-2330 Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

8.8 AI score · 0.00162 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/07/17 1:29 p.m. · 10 views

CVE-2023-2330 Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...

7 AI score · 0.00162 EPSS
Exploits 1 · References 1

CNNVD
added 2023/07/17 12:0 a.m. · 2 views

WordPress plugin Caldera Forms Google Sheets Connector Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8 CVSS · 8.5 AI score · 0.00162 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/07/17 12:0 a.m. · 3 views

PT-2023-18894 · WordPress · Caldera Forms Google Sheets Connector

Name of the Vulnerable Software and Affected Versions: Caldera Forms Google Sheets Connector WordPress plugin versions prior to 1.3 Description: The issue is related to the lack of a CSRF check when updating the Access Code in the Caldera Forms Google Sheets Connector WordPress plugin. This could...

8.8 CVSS · 8.9 AI score · 0.00162 EPSS
Exploits 1 · References 5

Patchstack
added 2023/06/27 12:0 a.m. · 11 views

WordPress Caldera Forms Google Sheets Connector Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Caldera Forms Google Sheets Connector · Type: Plugin · Vulnerable versions: <= 1.2 · Fixed in: 1.3 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-2330 · Patch priority: Low · CVSS severity: Low (5.4) · Developer: Claim ownership · PSID: 989c25f04825 · Credits...

8.8 CVSS · 6.6 AI score · 0.00162 EPSS
Exploits 1 · References 3 · Affected Software 1