Lucene search

469 matches found

Prion
added 2023/06/07 2:15 a.m., 28 views

Authentication flaw

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...

CVSS 5.5, AI score 6.8, EPSS 0.00793
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2023/06/07 2:15 a.m., 21 views

Design/Logic Flaw

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliformsformdeleteuploadedfile function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...

CVSS 5, AI score 5.3, EPSS 0.00735
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2023/06/07 1:51 a.m., 24 views

CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

CVSS 8.8, AI score 7.1, EPSS 0.00478
Exploits: 1, References: 2

Positive Technologies
added 2023/06/07 12:0 a.m., 5 views

PT-2023-12478

Name of the Vulnerable Software and Affected Versions: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.0.35 Description: The issue is related to Stored Cross-Site Scripting via Options Change, which occurs when using the flo import forms options...

CVSS 6.4, AI score 5.2, EPSS 0.0067
Exploits: 1, References: 7

Patchstack
added 2023/06/01 12:0 a.m., 6 views

WordPress Formidable Forms Plugin < 6.3.1 is vulnerable to Broken Access Control

Software Formidable Forms Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bb421c7db580 Credits WordFence Required privilege...

AI score 6.8
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/05/31 4:15 a.m., 4 views

CVE-2023-2836

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.8, AI score 6.7, EPSS 0.00604
Exploits: 2, References: 3

CVE
added 2023/05/31 3:36 a.m., 56 views

CVE-2023-2836

CVE-2023-2836 applies to the CRM Perks Forms plugin for WordPress. It is a stored XSS vulnerability in form settings, affecting versions up to and including 1.1.1. The root cause is insufficient input sanitization and output escaping, allowing an authenticated attacker with administrator-level pe...

CVSS 4.8, AI score 4.9, EPSS 0.00604
Exploits: 2, References: 3, Affected Software: 1

OSV
added 2023/05/15 1:15 p.m., 3 views

CVE-2023-1835

The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1, AI score 6.8, EPSS 0.00925
Exploits: 2, References: 1

OSV
added 2023/05/08 2:15 p.m., 2 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

CVSS 7.2, AI score 7.2, EPSS 0.43042
Exploits: 3, References: 2

Vulnrichment
added 2023/05/08 1:58 p.m., 14 views

CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

AI score 7.3, EPSS 0.43042
Exploits: 3, References: 2

Positive Technologies
added 2023/05/08 12:0 a.m., 11 views

PT-2023-17932 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4 Description: The issue arises from improper escaping of the table parameter, which is populated with user input, before it is concatenated to an SQL query. Recommendations: For versions prior t...

CVSS 7.2, AI score 7.7, EPSS 0.43042
Exploits: 3, References: 4

OSV
added 2023/04/23 9:15 a.m., 4 views

CVE-2022-44631

Auth. author+ Stored Cross-Site Scripting XSS vulnerability in 1app Technologies, Inc 1app Business Forms plugin = 1.0.0 versions...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

NVD
added 2023/04/23 9:15 a.m., 15 views

CVE-2022-44631

Auth. author+ Stored Cross-Site Scripting XSS vulnerability in 1app Technologies, Inc 1app Business Forms plugin = 1.0.0 versions...

CVSS 5.4, AI score 4.9, EPSS 0.0038
Exploits: 0, References: 1

Cvelist
added 2023/04/23 8:48 a.m., 23 views

CVE-2022-44631 WordPress 1app Business Forms Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. author+ Stored Cross-Site Scripting XSS vulnerability in 1app Technologies, Inc 1app Business Forms plugin = 1.0.0 versions...

CVSS 4.8, AI score 5.4, EPSS 0.0038
Exploits: 0, References: 1

CNNVD
added 2023/04/23 12:0 a.m., 4 views

WordPress Plugin 1app Business Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 5.4, AI score 5.5, EPSS 0.0038
Exploits: 0, References: 2

GithubExploit
added 2023/04/05 11:42 a.m., 29 views

Exploit for SQL Injection in Basixonline Nex-Forms

nex-formsSQL-Injection CVE-2023-2114 https://vulners.com/cve/...

CVSS 7.2, AI score 8.4, EPSS 0.43042
Exploits: 3

OSV
added 2023/03/27 4:15 p.m., 3 views

CVE-2023-0816

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections...

CVSS 6.5, AI score 6.9, EPSS 0.00498
Exploits: 2, References: 1

OSV
added 2023/03/27 4:15 p.m., 3 views

CVE-2023-0272

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 6.7, EPSS 0.00503
Exploits: 2, References: 1

Exploit DB
added 2023/03/25 12:0 a.m., 212 views

NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi

Exploit Title: NEX-Forms WordPress plugin =5.0.12 AND time-based blind query SLEEP Payload: page=nex-forms-dashboard&formid=1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

CVSS 8.8, AI score 8.8, EPSS 0.1027
Exploits: 5

NVD
added 2023/03/10 1:15 a.m., 27 views

CVE-2013-10020

A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 ...

CVSS 6.1, AI score 4.5, EPSS 0.00594
Exploits: 0, References: 3