Lucene search
+L

61 matches found

WPVulnDB
WPVulnDB
added 2021/11/11 12:0 a.m.16 views

Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create/edit a form, and put the following payload in the Form Name vi...

4.8CVSS4.8AI score0.00598EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/11/11 12:0 a.m.18 views

WordPress Caldera Forms plugin <= 1.9.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Dhananjay Garg in WordPress Caldera Forms plugin versions = 1.9.4. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.9.5...

4.8CVSS1.8AI score0.00598EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2019/03/12 12:0 a.m.7 views

WordPress Caldera Forms plugin <= 1.8.1 - Unspecified security issue related to Caldera Forms Pro API

Unspecified security issue found and patched in WordPress Caldera Forms plugin versions = 1.8.1. Vulnerable only when connected to Caldera Forms Pro API and used with WordPress SEO by Yoast or Jetpack’s map module. Solution Update the WordPress Caldera Forms plugin to the latest available version...

2.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/07 12:0 a.m.9 views

Caldera Forms Pro <= 1.8.1 - Unauthenticated Arbitrary File Read

According to the vendor: "This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you." According to the original researchers: "The Caldera Forms Pro vulnerability would allow attackers to...

4.2AI score
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2018/12/06 12:0 a.m.457 views

WordPress Caldera Forms 1.7.4 Database Disclosure

Exploit Title : WordPress Caldera Forms Plugins 1.7.4 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/caldera-forms/ calderaforms.com/updates/caldera-forms-1-7-4/ Software Download Link ...

0.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2018/04/26 12:0 a.m.22 views

Caldera Forms <= 1.5.9.1 - Multiple Cross-Site Scripting (XSS)

The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.6AI score0.04578EPSS
Exploits4References3Affected Software1
CNVD
CNVD
added 2018/04/24 12:0 a.m.6 views

WordPress Caldera Forms plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.Caldera Forms is a drag-and-drop web editor plugin used in ... A cross-site scripting vulnerability exists in WordPress...

4.8CVSS6AI score0.04578EPSS
Exploits4References1
Prion
Prion
added 2018/04/20 9:29 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

3.5CVSS5AI score0.04578EPSS
Exploits4References5Affected Software1
NVD
NVD
added 2018/04/20 9:29 p.m.19 views

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

4.8CVSS5.1AI score0.04578EPSS
Exploits4References5
OSV
OSV
added 2018/04/20 9:29 p.m.5 views

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

4.8CVSS5.8AI score0.04578EPSS
Exploits4References5
CVE
CVE
added 2018/04/20 9:0 p.m.63 views

CVE-2018-7747

Summary (CVE-2018-7747): WordPress Caldera Forms plugin vulnerable through stored XSS in versions up to 1.5.9.1, fixed in 1.6.0-rc.1. Vulnerability arises from insufficient input validation allowing remote attackers to inject arbitrary script via (1) a greeting message, (2) the email transaction ...

4.8CVSS5.1AI score0.04578EPSS
Exploits4References5Affected Software1
Cvelist
Cvelist
added 2018/04/20 9:0 p.m.26 views

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

5.1AI score0.04578EPSS
Exploits4References5
exploitpack
exploitpack
added 2018/04/18 12:0 a.m.61 views

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...

3.5CVSS0.4AI score0.04578EPSS
Exploits4
Patchstack
Patchstack
added 2018/04/18 12:0 a.m.28 views

WordPress Caldera Forms plugin <=1.5.9.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Federico Scalco in WordPress Caldera Forms versions =1.5.9.1. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.6.0...

4.8CVSS1.7AI score0.04578EPSS
Exploits4References1Affected Software1
Exploit DB
Exploit DB
added 2018/04/18 12:0 a.m.61 views

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...

4.8CVSS5.1AI score0.04578EPSS
Exploits4
Patchstack
Patchstack
added 2017/11/07 12:0 a.m.10 views

WordPress Caldera Forms plugin <=1.5.4 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability found by Will Brand in WordPress Caldera Forms plugin versions =1.5.4. Solution Update the WordPress Caldera Forms plugin to the latest available version at least version 1.5.5...

2.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2017/09/08 12:0 a.m.9 views

Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)

Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...

1.7AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2017/09/08 12:0 a.m.20 views

Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)

Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...

1.1AI score
Exploits0References1
0day.today
0day.today
added 2016/11/09 12:0 a.m.32 views

WordPress Caldera Forms 1.3.5.3 Cross Site Scripting Vulnerability

WordPress Caldera Forms plugin version 1.3.5.3 suffers from a cross site scripting vulnerability. ------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin...

6.7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2016/11/08 12:0 a.m.9 views

Caldera Forms <= 1.3.5.3 - Cross Site Scripting

The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Cross Site Scripting security vulnerability...

1.7AI score
Exploits0References1Affected Software1
Rows per page
Query Builder