WordPress plugin Kali Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Kali Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin HTML Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-1490 · Unknown · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms versions through 2.3.28 Description: The issue is related to a Missing Authorization vulnerability in the Kali Forms Contact Form builder with drag & drop, allowing exploitation of incorrectly configured access control security...

PT-2025-1517 · Unknown · Quill Forms

Name of the Vulnerable Software and Affected Versions: Quill Forms versions 3.3.0 and earlier Description: The issue is related to missing authorization in Quill Forms, allowing exploitation of incorrectly configured access control security levels. Recommendations: For Quill Forms versions 3.3.0...

PT-2025-1503 · Unknown · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms versions 2.3.27 and earlier Description: The issue is related to a Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop, which allows exploiting incorrectly configured access control security...

PT-2025-3188 · Unknown · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms versions n/a through 1.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious code into the HTML Forms,...

PT-2025-42561

Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software contains a flaw related to the escaping of the submit button label for Codex-based HTML forms. This could potentially lead to issues with how the submit button is displayed or...

WordPress Ninja Forms plugin <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Ninja Forms versions = 3.8.22...

CVE-2024-12238

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238

CVE-2024-12238 affects the WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You. The vulnerability allows arbitrary shortcode execution in all versions up to and including 3.8.22 due to insufficient validation when do_shortcode is executed. This enables authenticated attack...

WordPress plugin Ninja Forms 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-17504 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.22 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an acti...

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...

CVE-2024-10862

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2024-10862 NEX-Forms <= 8.7.13 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2024-10862 NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...