CVE-2024-10862

CVE-2024-10862 affects the WordPress plugin “NEX-Forms – Ultimate Form Builder”. The issue is an authenticated SQL Injection via the search_params parameter in the affected queries, exploitable in versions up to 8.7.13 (and disclosed under authenticated admin context). Root cause: insufficient es...

WordPress plugin NEX-Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

PT-2024-16599 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to 8.7.13 Description: The issue arises from insufficient escaping on the user-supplied search params parameter and a lack of sufficient...

WordPress plugin Bit Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress NEX-Forms plugin <= 8.7.15 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by M.Awad in WordPress Plugin NEX-Forms versions = 8.7.15...

Malicious code in ui-forms-embed-components-reporting (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2cc02fa4d714e4e0de4210d4132cb0c07b319906e7f88f1f659e43e9ba8b9bb7 The OpenSSF Package Analysis project identified 'ui-forms-embed-components-reporting' @ 1.21.0 npm as malicious. It is considered malicious...

MAL-2024-12094 Malicious code in ui-forms-embed-components-reporting (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2cc02fa4d714e4e0de4210d4132cb0c07b319906e7f88f1f659e43e9ba8b9bb7 The OpenSSF Package Analysis project identified 'ui-forms-embed-components-reporting' @ 1.21.0 npm as malicious. It is considered malicious...

How to Lose a Fortune with Just One Bad Click

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately...

WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin HTML Forms versions = 1.4.1...

CVE-2024-54398

Cross-Site Request Forgery CSRF vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through = 1.0.1...

CVE-2024-54398 WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1...

CVE-2024-54398

CVE-2024-54398: Flaming Forms (WordPress plugin) is affected by a Cross-Site Request Forgery (CSRF) that can lead to Stored XSS. Affected range: Flaming Forms versions from n/a up through 1.0.1. The vulnerability is documented with a CVSS v3.1 base score of 7.1 (HIGH) and is categorized under CSR...

CVE-2024-54398 WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through = 1.0.1...

PT-2024-36285 · Unknown · Flaming Forms

Name of the Vulnerable Software and Affected Versions: Flaming Forms versions 1.0.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and al...

WordPress plugin Flaming Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

CVE-2024-10646

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...

CVE-2024-10646

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...

CVE-2024-10646 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...

CVE-2024-10646

CVE-2024-10646 relates to the WordPress plugin Fluent Forms – Contact Forms, Survey & Form Builder . The vulnerability is a Stored Cross-Site Scripting (XSS) in the form’s subject parameter, exploitable in all versions up to 5.2.6 due to insufficient input sanitization and output escaping. The im...

CVE-2024-10646 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...