CVE-2024-6626 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to vie...

CVE-2024-6626

CVE-2024-6626 concerns the WordPress plugin EleForms – All In One Form Integration including DB for Elementor . The issue arises from a missing capability check in several functions across all versions up to 2.9.9.9, enabling unauthenticated attackers to view form submissions. According to the co...

WordPress plugin EleForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress EleForms – All In One Form Integration including DB for Elementor plugin <= 2.9.9.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin EleForms versions = 2.9.9.9...

WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Broken Access Control

Software EleForms Type Plugin Vulnerable versions = 2.9.9.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6626 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fddc69a5e9e3 Credits Lucio Sá Required privilege...

PT-2024-37755 · WordPress · Eleforms

Name of the Vulnerable Software and Affected Versions: EleForms – All In One Form Integration including DB for Elementor plugin for WordPress versions up to, and including, 2.9.9.9 Description: The issue is related to unauthorized access of data due to a missing capability check on several...

CVE-2024-38748

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9...

CVE-2024-38748

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9...

CVE-2024-38748

CVE-2024-38748 is a broken access control vulnerability in TheInnovs EleForms (WordPress plugin) affecting EleForms versions from n/a up to 2.9.9.9. The NVD entry lists this as an Access Control vulnerability with a CVSS v3.1 base score of 9.8 (CRITICAL). Other connected sources reiterate the aff...

CVE-2024-38748 WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9...

CVE-2024-38748 WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9...

WordPress plugin EleForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-28192 · Theinnovs · Eleforms

Name of the Vulnerable Software and Affected Versions: TheInnovs EleForms versions 2.9.9.9 and earlier Description: The issue is related to an Access Control vulnerability in TheInnovs EleForms. Recommendations: For versions 2.9.9.9 and earlier, at the moment, there is no information about a newe...

WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin EleForms versions = 2.9.9.9...

WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Broken Access Control

Software EleForms Type Plugin Vulnerable versions = 2.9.9.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38748 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 91544cea19ce Credits Dhabaleshwar Das Required privilege...

CVE-2024-2082

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-2043

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated...

CVE-2024-2082

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-2043

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated...

CVE-2024-2082

CVE-2024-2082 : EleForms – All In One Form Integration including DB for Elementor (WordPress) suffers stored XSS in multiple parameters due to insufficient input sanitization/output escaping in all versions up to 2.9.9.7. Attackers can exploit without authentication to inject scripts executed on ...