61 matches found
Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/edit a form, and put the following payload in the Form Name vi...
WordPress Caldera Forms plugin <= 1.9.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Dhananjay Garg in WordPress Caldera Forms plugin versions = 1.9.4. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.9.5...
WordPress Caldera Forms plugin <= 1.8.1 - Unspecified security issue related to Caldera Forms Pro API
Unspecified security issue found and patched in WordPress Caldera Forms plugin versions = 1.8.1. Vulnerable only when connected to Caldera Forms Pro API and used with WordPress SEO by Yoast or Jetpack’s map module. Solution Update the WordPress Caldera Forms plugin to the latest available version...
Caldera Forms Pro <= 1.8.1 - Unauthenticated Arbitrary File Read
According to the vendor: "This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you." According to the original researchers: "The Caldera Forms Pro vulnerability would allow attackers to...
WordPress Caldera Forms 1.7.4 Database Disclosure
Exploit Title : WordPress Caldera Forms Plugins 1.7.4 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/caldera-forms/ calderaforms.com/updates/caldera-forms-1-7-4/ Software Download Link ...
Caldera Forms <= 1.5.9.1 - Multiple Cross-Site Scripting (XSS)
The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
WordPress Caldera Forms plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.Caldera Forms is a drag-and-drop web editor plugin used in ... A cross-site scripting vulnerability exists in WordPress...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
CVE-2018-7747
Summary (CVE-2018-7747): WordPress Caldera Forms plugin vulnerable through stored XSS in versions up to 1.5.9.1, fixed in 1.6.0-rc.1. Vulnerability arises from insufficient input validation allowing remote attackers to inject arbitrary script via (1) a greeting message, (2) the email transaction ...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...
WordPress Caldera Forms plugin <=1.5.9.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Federico Scalco in WordPress Caldera Forms versions =1.5.9.1. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.6.0...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...
WordPress Caldera Forms plugin <=1.5.4 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability found by Will Brand in WordPress Caldera Forms plugin versions =1.5.4. Solution Update the WordPress Caldera Forms plugin to the latest available version at least version 1.5.5...
Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)
Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...
Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)
Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...
WordPress Caldera Forms 1.3.5.3 Cross Site Scripting Vulnerability
WordPress Caldera Forms plugin version 1.3.5.3 suffers from a cross site scripting vulnerability. ------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin...
Caldera Forms <= 1.3.5.3 - Cross Site Scripting
The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Cross Site Scripting security vulnerability...