928 matches found
CVE-2024-9352
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'create_module' function. This makes it...
CVE-2024-9351 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'create_module' function. This makes it possible f...
CVE-2024-9351
Summary (CVE-2024-9351) The Forminator Forms plugin for WordPress (versions ≤ 1.35.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the quiz creation path (create_module). This allows unauthenticated attackers to cause draft quizzes to be created if a si...
CVE-2024-9352 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'create_module' function. This makes it...
WordPress Forminator Forms plugin <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation vulnerability
Cross-Site Request Forgery to Draft Custom Form Creation vulnerability discovered by Vijaysimha Reddy vijaysimha in WordPress Plugin Forminator versions <= 1.35.1...
WordPress Forminator Forms plugin <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation vulnerability
Cross-Site Request Forgery to Draft Quiz Creation vulnerability discovered by Vijaysimha Reddy vijaysimha in WordPress Plugin Forminator versions <= 1.35.1...
PT-2024-39586 · WordPress · The Forminator Forms
Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...
PT-2024-39587 · WordPress · The Forminator Forms
Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...
PT-2024-39684 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions prior to 2.9.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data. This is possible d...
CVE-2024-45282
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
PT-2024-7173 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA affected versions not specified Description: The issue is related to the Manage Bank Statement Handler component of the SAP S/4HANA platform. It is caused by the lack of a mechanism to prevent unintended changes to resources when...
CVE-2024-8771
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...
CVE-2024-9025
The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlerposttitle' function in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to expose...
PT-2024-39370 · WordPress · The Sight +1
Name of the Vulnerable Software and Affected Versions: The Sight – Professional Image Gallery and Portfolio plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to unauthorized access of data due to a missing capability check on the handler post title...
CVE-2024-8910
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-8516
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from...
CVE-2024-8801
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
PT-2024-39068 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract limited post information from draft and future...
WordPress plugin Themify Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...