Lucene search
K

63 matches found

CNNVD
CNNVD
added 2024/08/19 12:0 a.m.4 views

WordPress plugin Bit Form Pro 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A path traversal...

9.1CVSS6.8AI score0.0059EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/12 12:39 p.m.7 views

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

6.5CVSS7AI score0.00418EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:38 p.m.8 views

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability

Authenticated Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

7.1CVSS7AI score0.00285EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:36 p.m.5 views

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

9.9CVSS7AI score0.01049EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:35 p.m.6 views

WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

9.1CVSS7AI score0.0059EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:0 a.m.13 views

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Settings Change

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 786f4284258a Credits Dave Jong Patchstack Required...

7.1CVSS6.5AI score0.00285EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:0 a.m.16 views

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Upload

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-43249 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 064fd9534e30 Credits Dave Jong Patchstack Required...

9.9CVSS6.5AI score0.01049EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:0 a.m.13 views

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Deletion

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-43248 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID fe35e84633f6 Credits Dave Jong Patchstack Require...

9.1CVSS6.5AI score0.0059EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:0 a.m.18 views

WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure

Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43251 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d6af3324445 Credits Dave Jong Patchstack...

6.5CVSS6.5AI score0.00418EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/07 2:15 a.m.8 views

WordPress WS Form Pro plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form Pro versions = 1.9.217...

8.8CVSS7.3AI score0.00493EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/07 12:0 a.m.17 views

WordPress WS Form Pro Plugin <= 1.9.217 is vulnerable to CSV Injection

Software WS Form Pro Type Plugin Vulnerable versions = 1.9.217 Fixed in 1.9.218 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5424 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID b17414acaf13 Credits Duc Manh Required privilege Unauthenticated...

8.8CVSS8.8AI score0.00493EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/28 9:15 a.m.2 views

CVE-2022-23987

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00588EPSS
Exploits1References1
OSV
OSV
added 2022/02/28 9:15 a.m.4 views

CVE-2022-23988

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission...

6.1CVSS6.4AI score0.02196EPSS
Exploits1References1
Patchstack
Patchstack
added 2022/01/31 12:0 a.m.21 views

WordPress WS Form Pro premium plugin <= 1.8.175 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions = 1.8.175. Solution Update the WordPress WS Form Pro premium plugin to the latest available version at least 1.8.176...

6.1CVSS1.9AI score0.02196EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/01/31 12:0 a.m.66 views

WordPress WS Form Pro premium plugin <= 1.8.175 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions = 1.8.175. Solution Update the WordPress WS Form Pro premium plugin to the latest available version at least 1.8.176...

4.8CVSS1.7AI score0.00588EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/04/05 7:15 p.m.2 views

CVE-2021-24168

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...

5.4CVSS6AI score0.00628EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.22 views

CVE-2021-24168 Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...

5.3AI score0.00628EPSS
Exploits1References1
CVE
CVE
added 2021/04/05 6:27 p.m.99 views

CVE-2021-24168

CVE-2021-24168 affects the Easy Contact Form Pro WordPress plugin prior to 1.1.1.9. The vulnerability is an authenticated stored XSS caused by insufficient sanitization of text fields (e.g., Email Subject, Email Recipient) during form creation/editing. This could allow medium-privilege accounts (...

5.4CVSS5.1AI score0.00628EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/15 12:0 a.m.12 views

Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such as author and editor to perform XSS attacks...

0.6AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2018/12/22 12:0 a.m.75 views

WordPress WP-Ajax-Form-Pro 5.0.2 Shell Upload

Exploit Title : WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org ajaxformpro.com Software Download Link : ajaxformpro.com Software Script Owner and...

7.4AI score
Exploits0
Rows per page
Query Builder