20 matches found
EUVD-2021-25714
Malware in sbrugna...
EUVD-2020-15040
Malware in sbrugna...
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
CVE-2020-22275
Easy Registration Forms ER Forms WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...
WordPress Easy Registration Forms Plugin <= 2.1.1 is vulnerable to Sensitive Data Exposure
Software: Easy Registration Forms; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5134; Patch priority: Low; CVSS severity: Low 4.3; PSID: a5bfe7a3054b; Credits: Lana Codes; Required...
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
CVE-2023-5134
CVE-2023-5134 affects the WordPress plugin “Easy Registration Forms”. The vulnerability stems from insufficient access controls on the shortcodes, specifically the erforms_user_meta shortcode. Versions up to and including 2.1.1 are susceptible. With subscriber-level capabilities or higher, an aut...
CVE-2023-5134 Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
WordPress plugin Easy Registration Forms Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...
PT-2023-31786 · WordPress · Easy Registration Forms
Name of the Vulnerable Software and Affected Versions: Easy Registration Forms for WordPress versions up to, and including, 2.1.1 Description: The issue allows authenticated attackers with subscriber-level capabilities or above to retrieve arbitrary sensitive user meta via the erforms user meta...
CVE-2021-39353
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
Cross site request forgery (csrf)
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
CVE-2021-39353
The CVE-2021-39353 entry concerns the WordPress plugin Easy Registration Forms (versions up to 2.1.1). The vulnerability is Cross-Site Request Forgery caused by missing nonce validation in the ajax_add_form function within includes/class-form.php, enabling an attacker to inject arbitrary web scri...
CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
Easy Registration Forms <= 2.1.1 - CSRF to Stored Cross-Site Scripting
The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1...
Easy Registration Forms <= 2.0.6 - CSV Injection
Easy Registration Forms ER Forms WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...
WordPress Plugin Easy Registration Forms (ER Forms) Input Verification Error
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. Easy Registration Forms is a WordPress plugin for implementing form effects. An input validation error vulnerability exists in the...
CVE-2020-22275
Easy Registration Forms ER Forms WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...
Design/Logic Flaw
Easy Registration Forms ER Forms WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...