WordPress Smart Forms Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers running PHP and MySQL. An information disclosure vulnerability exists in the WordPress Smart Forms plugin in versions prior to 2.6.71, which...
PT-2022-16674 · Sap · Sap Focused Run
Name of the Vulnerable Software and Affected Versions: SAP Focused Run Real User Monitoring versions 200, 300. Description: The issue is a Cross-Site Scripting (XSS) vulnerability. It occurs because the REST service does not sufficiently sanitize the input file name when...
CVE-2022-0163
The Smart Forms WordPress plugin before 2.6.71 does not perform an authorisation check in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download arbitrary forms' data, which could include sensitive information such as PII depending on the form...
MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitise form data, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-23988
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads that are executed when a privileged user views the related submission...
Design/Logic Flaw
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads that are executed when a privileged user views the related submission...
GHSA-C7F6-4VX5-4263 Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files...
Data Amplification in Play Framework
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...
CVE-2021-46385
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker ca...
Landa Driving School Management System 2.0.1 Arbitrary File Upload
Exploit Title: Landa Driving School Management System Arbitrary File Upload, Version 2.0.1. Google Dork: N/A. Date: 17/01/2022. Exploit Author: Sohel Yousef. Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Software link 2...
WordPress Frontend Uploader 1.3.2 Cross Site Scripting
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS), Unauthenticated. Date: 10/01/2022. Exploit Author: Veshraj Ghimire. Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
crocoblock JetEngine code issue vulnerability
Crocoblock JetEngine is a dynamic content plugin for building complex websites quickly and cost-effectively. Crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's failure to properly validate and sanitize form data. An attacker...
CVE-2021-41844
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...
Code injection
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...
PT-2021-23429 · Crocoblock · Crocoblock Jetengine
Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions prior to 2.9.1. Description: The issue arises from improper validation and sanitization of form data. Recommendations: For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue...
Crocoblock JetEngine Security Vulnerability
Crocoblock JetEngine is a dynamic content plugin for building complex websites quickly and cost-effectively. A security vulnerability exists in Crocoblock JetEngine versions prior to 2.9.1 that stems from the application's failure to properly validate and sanitize form data...
PT-2021-16285 · WordPress · Contact Form Advanced Database
Name of the Vulnerable Software and Affected Versions: Contact Form Advanced Database WordPress plugin versions 1.0.8 and earlier. Description: The issue concerns the lack of authorization and CSRF checks in the delete_cf7_data and export_cf7_data AJAX actions, which are accessible to any...
Free School Management Software 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting (XSS). Exploit Author: fuzzyap1. Category: Web application. Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...