EUVD-2023-57463

Malicious code in bioql PyPI...

CVE-2023-5125

The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

WordPress FormGet Contact Form Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS)

Software FormGet Contact Form Type Plugin Vulnerable versions = 5.5.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5125 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6838d413b93d Credits Lana Codes Required...

CVE-2023-5125

The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-5125

The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-5125

CVE-2023-5125 affects the WordPress plugin Contact Form by FormGet. It is a stored XSS via the formget shortcode in versions up to 5.5.5 due to insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level permissions can inject ar...

CVE-2023-5125 Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-5125

The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

Contact Form by FormGet <= 5.5.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

WordPress plugin Contact Form by FormGet Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-31778 · WordPress · The Contact Form By Formget

Name of the Vulnerable Software and Affected Versions: The Contact Form by FormGet plugin for WordPress versions up to, and including, 5.5.5 Description: The issue is related to Stored Cross-Site Scripting via the formget shortcode due to insufficient input sanitization and output escaping on...

A week in security (July 22 – 28)

Last week on Malwarebytes Labs, we offered an extensive analysis into the Malaysian Airlines Flight 17 investigation, updated users on the newest feature set to AdwCleaner 7.4.0 it now detects pre-installed software, and provided a deep dive into Phobos ransomware. We also broke down the latest...

formget.com XSS vulnerability

Open Bug Bounty ID: OBB-701664 Description| Value ---|--- Affected Website:| formget.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden unti...

formget.com XSS vulnerability

Open Bug Bounty ID: OBB-615387 Description| Value ---|--- Affected Website:| formget.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

FormGet Contact Form 5.3 - Stored XSS

The AJAX action ‘requestresponse’, defined in formget-contact-form/index.php line 278 is available to any logged in user. The parameter ‘value’ is accepted as valid, so long as the string ‘sideBar’ is found at a position other than 0 i.e. prefix the payload with a space. The ‘pageid’ parameter ca...