58 matches found
CVE-2023-35095
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
CVE-2023-35095
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
CVE-2023-35095 WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
CVE-2023-35095 WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
CVE-2023-35095
CVE-2023-35095 affects the WordPress plugin Flo Forms – Easy Drag & Drop Form Builder (Flothemes) up to version 1.0.40. The vulnerability is an authenticated (admin+) Stored Cross‑Site Scripting (XSS) flaw in Flo Forms, requiring admin privileges to exploit. The issue is grounded in the plugin’s ...
PT-2023-25144 · Flothemes · The Flo Forms – Easy Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin versions 1.0.40 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerabilit...
WordPress plugin Flo Forms - Easy Drag & Drop Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Software Flo Forms Type Plugin Vulnerable versions = 1.0.40 Fixed in 1.0.41 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35095 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 80a812c3a1fb Credits yuyudhn Required privilege...
CVE-2021-4367
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...
CVE-2021-4367
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...
Cross site scripting
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...
CVE-2021-4367
CVE-2021-4367 : The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flo_import_forms_options AJAX action in versions up to and including 1.0.35. Root cause: insufficient input sanitization and output escaping, coupled with missin...
PT-2023-12478
Name of the Vulnerable Software and Affected Versions: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.0.35 Description: The issue is related to Stored Cross-Site Scripting via Options Change, which occurs when using the flo import forms options...
WordPress Plugin Flo Forms – Easy Drag & Drop Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
VulnCheck KEV: CVE-2021-4367
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with...
Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS
The plugin was being actively exploited, allowing low privilege users to use the floimportformsoptions AJAX action to import new options and inject malicious JavaScript code in the backend...
WordPress Flo Forms plugin <= 1.0.35 - Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Options Change & Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Flo Forms plugin versions = 1.0.35. Solution Update the WordPress Flo Forms plugin to the latest available version at least 1.0.36...