63 matches found
WordPress plugin Bit Form Pro 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A path traversal...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability
Authenticated Plugin Settings Change vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Bit Form Pro plugin <= 2.6.4 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Settings Change
Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 786f4284258a Credits Dave Jong Patchstack Required...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Upload
Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2024-43249 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 064fd9534e30 Credits Dave Jong Patchstack Required...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Arbitrary File Deletion
Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-43248 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID fe35e84633f6 Credits Dave Jong Patchstack Require...
WordPress Bit Form Pro Plugin <= 2.6.4 is vulnerable to Sensitive Data Exposure
Software Bit Form Pro Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.8.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-43251 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6d6af3324445 Credits Dave Jong Patchstack...
WordPress WS Form Pro plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form Pro versions = 1.9.217...
WordPress WS Form Pro Plugin <= 1.9.217 is vulnerable to CSV Injection
Software WS Form Pro Type Plugin Vulnerable versions = 1.9.217 Fixed in 1.9.218 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5424 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID b17414acaf13 Credits Duc Manh Required privilege Unauthenticated...
CVE-2022-23987
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-23988
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission...
WordPress WS Form Pro premium plugin <= 1.8.175 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions = 1.8.175. Solution Update the WordPress WS Form Pro premium plugin to the latest available version at least 1.8.176...
WordPress WS Form Pro premium plugin <= 1.8.175 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez in WordPress WS Form Pro premium plugin versions = 1.8.175. Solution Update the WordPress WS Form Pro premium plugin to the latest available version at least 1.8.176...
CVE-2021-24168
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...
CVE-2021-24168 Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...
CVE-2021-24168
CVE-2021-24168 affects the Easy Contact Form Pro WordPress plugin prior to 1.1.1.9. The vulnerability is an authenticated stored XSS caused by insufficient sanitization of text fields (e.g., Email Subject, Email Recipient) during form creation/editing. This could allow medium-privilege accounts (...
Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such as author and editor to perform XSS attacks...
WordPress WP-Ajax-Form-Pro 5.0.2 Shell Upload
Exploit Title : WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org ajaxformpro.com Software Download Link : ajaxformpro.com Software Script Owner and...