469 matches found

Vulnrichment
added 2024/01/09 6:41 a.m. · 2 views

CVE-2023-6842 Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...

CVSS 4.4 · AI score 6.7 · EPSS 0.00316
Exploits: 0 · References: 2

Cvelist
added 2024/01/08 6:57 p.m. · 22 views

CVE-2023-52208 WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2...

CVSS 5.3 · AI score 7.7 · EPSS 0.00443
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/29 12:0 a.m. · 3 views

PT-2023-23151 · Unknown +2 · Contact Form 7 +4

Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms versions 1.2.8 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...

CVSS 6.1 · AI score 6.5 · EPSS 0.00365
Exploits: 0 · References: 7

Patchstack
added 2023/12/26 12:0 a.m. · 18 views

WordPress Everest Forms Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software: Everest Forms; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-51377; Patch priority: Low; CVSS severity: Low (5.3); PSID: 8b5448fc86fc; Credits: Revan Arifio; Required privile...

CVSS 5.3 · AI score 6.6 · EPSS 0.00313
Exploits: 0 · References: 2 · Affected software: 1

BDU FSTEC
added 2023/12/21 12:0 a.m. · 7 views

The vulnerability of the CRM Perks Forms plugin of the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the CRM Perks Forms plugin of the WordPress content management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

CVSS 6.4 · AI score 6.3 · EPSS 0.0081
Exploits: 0 · References: 2 · Affected software: 1

CNNVD
added 2023/12/14 12:0 a.m. · 4 views

WordPress and WordPress plugin cross-site scripting vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.9 · AI score 5.9 · EPSS 0.00386
Exploits: 0 · References: 2

Patchstack
added 2023/12/07 12:0 a.m. · 12 views

WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control

Software: Smart Forms; Type: Plugin; Vulnerable versions: <= 2.6.84; Fixed in: 2.6.85; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49856; Patch priority: High; CVSS severity: High (8.1); PSID: 636ea1edcfea; Credits: Abdi Pranata; Required privile...

AI score 6.5 · EPSS 0.00512
Exploits: 0 · References: 2 · Affected software: 1

WPVulnDB
added 2023/11/29 12:0 a.m. · 23 views

WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting

Description The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this functio...

CVSS 7.1 · AI score 6.3 · EPSS 0.00207
Exploits: 0 · References: 1

VulnCheck KEV
added 2023/11/27 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2023-0552

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability...

CVSS 5.4 · AI score 6.7 · EPSS 0.24263
Exploits: 2 · References: 1

BDU FSTEC
added 2023/11/09 12:0 a.m. · 6 views

The vulnerability of the Registration Forms plugin in the WordPress content management system allows a hacker to redirect users to arbitrary websites.

The vulnerability of the Registration Forms plugin in the WordPress content management system involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to redirect users to arbitrary websites...

CVSS 5.5 · AI score 6.7 · EPSS 0.24263
Exploits: 2 · References: 2 · Affected software: 1

Patchstack
added 2023/11/07 12:0 a.m. · 18 views

WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Forms; Type: Plugin; Vulnerable versions: < 3.6.34; Fixed in: 3.6.34; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5530; Patch priority: Low; CVSS severity: Low (5.9); PSID: a9b2d204bb4c; Credits: Jonathan Zamora; Required...

CVSS 4.8 · AI score 6 · EPSS 0.0062
Exploits: 2 · References: 3 · Affected software: 1

OSV
added 2023/11/06 9:15 p.m. · 2 views

CVE-2023-5530

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use ...

CVSS 4.8 · AI score 5.8 · EPSS 0.0062
Exploits: 2 · References: 2

OSV
added 2023/10/31 12:15 p.m. · 3 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 5.4 · AI score 7 · EPSS 0.00403
Exploits: 1 · References: 2

Patchstack
added 2023/10/24 12:0 a.m. · 8 views

WordPress Quill Forms Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software: Quill Forms; Type: Plugin; Vulnerable versions: <= 3.3.0; Fixed in: 3.4.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46610; Patch priority: High; CVSS severity: High (6.5); PSID: f234d1eb3578; Credits: Abdi Pranata; Required privilege...

AI score 6.5 · EPSS 0.00358
Exploits: 0 · References: 2 · Affected software: 1

OSV
added 2023/08/30 3:15 p.m. · 3 views

CVE-2023-4109

The Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by an HTML Injection security vulnerability...

CVSS 4.8 · AI score 7.3 · EPSS 0.00379
Exploits: 2 · References: 1

OSV
added 2023/07/17 2:15 p.m. · 4 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a setting allowing them to give lower roles access to such featur...

CVSS 5.4 · AI score 5.8 · EPSS 0.00317
Exploits: 1 · References: 1

Positive Technologies
added 2023/07/17 12:0 a.m. · 7 views

PT-2023-16270 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4.4 Description: The issue is related to Stored Cross-Site Scripting, which could be caused by the lack of proper escaping of the form name. This could potentially be exploited by users with acce...

CVSS 5.4 · AI score 6 · EPSS 0.00317
Exploits: 1 · References: 3

Vulnrichment
added 2023/06/20 1:30 p.m. · 15 views

CVE-2023-35095 WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions...

CVSS 5.9 · AI score 5.6 · EPSS 0.00369
Exploits: 0 · References: 1

OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2021-4367

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2020-36717

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

CVSS 8.8 · AI score 5.6 · EPSS 0.00478
Exploits: 1 · References: 2