469 matches found
Cross site scripting
A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 ...
CVE-2013-10020 MMDeveloper A Forms Plugin a-forms.php cross site scripting
A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 ...
PT-2023-10009 · Mmdeveloper · Mmdeveloper A Forms Plugin
Name of the Vulnerable Software and Affected Versions: MMDeveloper A Forms Plugin versions up to 1.4.2 Description: A problematic issue was found in the MMDeveloper A Forms Plugin, affecting an unknown part of the file a-forms.php. This issue leads to cross-site scripting and can be initiated...
CVE-2020-36670
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...
Design/Logic Flaw
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...
CVE-2020-36670 NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...
VulnCheck KEV: CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth...
WordPress plugin CRM Perks Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2022-4024
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
Cross site request forgery (csrf)
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...
WordPress plugin Registration Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress Google Forms plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Google Forms plug...
CVE-2022-3834
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-24377 · WordPress · Google Forms
Name of the Vulnerable Software and Affected Versions: Google Forms WordPress plugin versions 0.95 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...
CVE-2022-44628
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
CVE-2022-44628
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
CVE-2022-36791
Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...
CVE-2022-36791
Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...
Cross site scripting
Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerability in Awesome UG Torro Forms plugin = 1.0.16 at WordPress...
CVE-2022-36791
The CVE-2022-36791 entry covers a Stored Cross-Site Scripting (XSS) in the WordPress plugin Awesome UG Torro Forms