27 matches found
CVE-2023-27613
CVE-2023-27613 affects WordPress plugin Forms Ada – Form Builder (MonitorClick Forms Ada) ≤ 1.0. It is an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization, allowing injected script to be reflected in responses. Impact is limited to clie...
CVE-2023-27613 WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in MonitorClick Forms Ada – Form Builder plugin = 1.0 versions...
CVE-2021-36821
Summary of CVE-2021-36821 – WordPress Forminator stored XSS : The vulnerability affects the Forminator plugin for WordPress, with versions up to and including 1.14.11. The underlying issue is improper neutralization of input during web page generation, resulting in stored Cross-Site Scripting (XS...
CVE-2022-2567
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Form Builder 1.9.8.4 - Reflected Cross-Site Scripting (XSS)
The plugin does not properly sanitise and escape its fromid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC The formid digits before the payload must be valid: https://example.com/wp-admin/admin.php?page=smuz-formsid=1242;alert/XSS/...
WordPress nex-forms-express-wp-form-builde plugin SQL injection vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. nex-forms-express-wp-form-builder is a form builder plugin used in it. A SQL injection vulnerability exists in the...