8 matches found
PT-2024-14090 · Premio · All-In-One Floating Contact Form – My Sticky Elements
Name of the Vulnerable Software and Affected Versions: All-in-one Floating Contact Form – My Sticky Elements versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This...
WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin <= 2.1.3 is vulnerable to Broken Access Control
Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51362 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2c5f6cf38482...
CVE-2023-3248
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2023-3248 All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
WordPress All-in-one Floating Contact Form – My Sticky Elements Plugin < 2.1.2 is vulnerable to Cross Site Scripting (XSS)
Software All-in-one Floating Contact Form – My Sticky Elements Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3248 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...
WordPress Floating Contact Form & Social Chat for WordPress – SupportBubble plugin <= 1.3.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Floating Contact Form & Social Chat for WordPress – SupportBubble plugin versions = 1.3.3. Solution No patched version available...
CVE-2022-0148 All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page...
Wordpress Plugin All-in-one Floating Contact Form 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. wordpress Plugin All-in-one Floating Contact Form...