CVE-2024-2043

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated...

CVE-2024-2082

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2024-47685

Malicious code in bioql PyPI...

EUVD-2024-27047

Malicious code in bioql PyPI...

CVE-2024-6628

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for...

CVE-2024-6628

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for...

CVE-2024-6628

CVE-2024-6628 : EleForms – All In One Form Integration including DB for Elementor (WordPress) is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 2.9.9.9 due to missing/incorrect nonce validation when deleting form submissions. This enables unauthenticated attackers to cause ...

WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software EleForms Type Plugin Vulnerable versions = 2.9.9.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5925dd673838 Credits Lucio Sá Required privilege...

CVE-2024-6626

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to vie...

CVE-2024-6626 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to vie...

WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Broken Access Control

Software EleForms Type Plugin Vulnerable versions = 2.9.9.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fddc69a5e9e3 Credits Lucio Sá Required privilege...

CVE-2024-2043

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated...

CVE-2024-2082

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2024-18663 · WordPress · Eleforms

Name of the Vulnerable Software and Affected Versions: EleForms – All In One Form Integration including DB for Elementor plugin for WordPress versions up to, and including, 2.9.9.7 Description: The issue allows unauthorized access to data due to a missing capability check when downloading form...

WordPress plugin EleForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress EleForms Plugin <= 2.9.9.7 is vulnerable to Cross Site Scripting (XSS)

Software EleForms Type Plugin Vulnerable versions = 2.9.9.7 Fixed in 2.9.9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2082 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6aef5e4da6df Credits Francesco Carlucci...