Lucene search
+L

27 matches found

CVE
CVE
added 2023/05/29 2:6 p.m.41 views

CVE-2023-27613

CVE-2023-27613 affects WordPress plugin Forms Ada – Form Builder (MonitorClick Forms Ada) ≤ 1.0. It is an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization, allowing injected script to be reflected in responses. Impact is limited to clie...

7.1CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/29 2:6 p.m.42 views

CVE-2023-27613 WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in MonitorClick Forms Ada – Form Builder plugin = 1.0 versions...

7.1CVSS6.3AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2023/03/16 2:45 p.m.70 views

CVE-2021-36821

Summary of CVE-2021-36821 – WordPress Forminator stored XSS : The vulnerability affects the Forminator plugin for WordPress, with versions up to and including 1.14.11. The underlying issue is improper neutralization of input during web page generation, resulting in stored Cross-Site Scripting (XS...

7.1CVSS6.4AI score0.00406EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/19 2:15 p.m.5 views

CVE-2022-2567

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.005EPSS
Exploits2References1
Prion
Prion
added 2021/10/25 2:15 p.m.18 views

Cross site scripting

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.7AI score0.00654EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.10 views

Form Builder 1.9.8.4 - Reflected Cross-Site Scripting (XSS)

The plugin does not properly sanitise and escape its fromid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC The formid digits before the payload must be valid: https://example.com/wp-admin/admin.php?page=smuz-formsid=1242;alert/XSS/...

6.3AI score
Exploits0Affected Software1
CNVD
CNVD
added 2019/11/21 12:0 a.m.5 views

WordPress nex-forms-express-wp-form-builde plugin SQL injection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. nex-forms-express-wp-form-builder is a form builder plugin used in it. A SQL injection vulnerability exists in the...

9.8CVSS8AI score0.0237EPSS
Exploits1References1
Rows per page
Query Builder