8176 matches found
CVE-2024-11353
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletemessage function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress plugin Smoove connector for Elementor forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress plugin Pie Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin SMS for Lead Capture Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-49767
...
WordPress Smoove connector for Elementor forms plugin <= 4.1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Smoove connector for Elementor forms versions = 4.1.0...
CVE-2024-53808
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8...
CVE-2024-53808
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows SQL Injection.This issue affects NEX-Forms: from n/a through = 8.7.8...
WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...
CVE-2024-53808
CVE-2024-53808 : SQL Injection in WordPress plugin “NEX-Forms – Ultimate Form Builder” (Basix NEX-Forms) ≤ 8.7.8. Root cause: improper neutralization of input in SQL commands. Affected products/versions: NEX-Forms – Ultimate Form Builder up to 8.7.8. Exploitation status in provided docs: not indi...
CVE-2024-53808 WordPress NEX-Forms plugin <= 8.7.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows SQL Injection.This issue affects NEX-Forms: from n/a through = 8.7.8...
CVE-2024-53808 WordPress NEX-Forms plugin <= 8.7.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8...
CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10909
The Pojo Forms WordPress plugin (pojo-forms) contains a vulnerability affecting versions up to 1.4.7 where an authenticated user with Subscriber+ can trigger arbitrary shortcode execution via the form_preview_shortcode AJAX action. The issue stems from insufficient validation before running do_sh...
WordPress plugin The Pojo Forms 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exists ...
WordPress plugin NEX-Forms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...
PT-2024-16635 · WordPress · Pojo Forms
Name of the Vulnerable Software and Affected Versions: Pojo Forms plugin for WordPress versions 1.4.7 and earlier Description: The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form preview shortcode AJAX action. This is due to the software allowing users ...
PT-2024-35922 · Unknown · Basix Nex-Forms
Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions prior to 8.7.9 Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for malicious SQL commands...
WordPress Pojo Forms plugin <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution via formpreviewshortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Pojo Forms versions = 1.4.7...