CVE-2022-45806

CVE-2022-45806 affects WordPress Formidable Forms plugin versions up to 5.5.4. The vulnerability is a Missing Authorization / Broken Access Control flaw in the Strategy11 Form Builder Team, allowing improper access due to incorrectly configured access control security levels. Public sources consi...

PT-2024-11717 · Strategy11 · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms versions n/a through 5.5.4 Description: The issue is related to a missing authorization vulnerability in Strategy11 Form Builder Team Formidable Forms, which allows exploiting incorrectly configured access control security...

WordPress plugin Constant Contact Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin MailChimp Forms by MailMunch 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-12864 · Mailmunch · Mailchimp Forms By Mailmunch

Name of the Vulnerable Software and Affected Versions: MailChimp Forms by MailMunch versions prior to 3.1.4 Description: The issue is related to a missing authorization vulnerability in MailChimp Forms by MailMunch, which allows the exploitation of incorrectly configured access control security...

WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Flaming Forms versions = 1.0.1...

CVE-2024-11052

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-11052

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-11052 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-11052

CVE-2024-11052 affects Ninja Forms – The Contact Form Builder That Grows With You (WordPress). In all versions up to 3.8.19, the plugin is vulnerable to Stored Cross‑Site Scripting via the calculations parameter due to insufficient input sanitization and output escaping, enabling unauthenticated ...

CVE-2024-11052 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-10182

The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10182 Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10182 Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10182

CVE-2024-10182 (Cognito Forms for WordPress) Stored Cross-Site Scripting vulnerability in the Cognito Forms plugin for WordPress via the id parameter, affecting all versions up to and including 2.0.6. Root cause is insufficient input sanitization and output escaping. Exploitation requires authent...

WordPress Ninja Forms plugin <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations vulnerability

Unauthenticated Stored Cross-Site Scripting via Form Calculations vulnerability discovered by mikemyers in WordPress Plugin Ninja Forms versions = 3.8.19...

WordPress Cognito Forms plugin <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Cognito Forms versions = 2.0.6...

WordPress plugin Cognito Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Ninja Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16726 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.19 Description: The issue is related to Stored Cross-Site Scripting via the calculations parameter due to insufficient input...