CVE-2024-11325

The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2024-11325 AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2024-11325 AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2024-11325

CVE-2024-11325 concerns the AWeber Forms by Optin Cat WordPress plugin. It is a Reflected Cross-Site Scripting vulnerability caused by improper escaping of add_query_arg usage, affecting all versions up to and including 2.5.7. Unauthenticated attackers could inject arbitrary scripts into pages ex...

WordPress plugin Campaign Monitor Forms by Optin Cat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress plugin AWeber Forms by Optin Cat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

PT-2024-16911 · WordPress · Aweber Forms

Name of the Vulnerable Software and Affected Versions: AWeber Forms by Optin Cat plugin for WordPress versions up to, and including, 2.5.7 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

WordPress AWeber Forms plugin <= 2.5.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin AWeber Forms versions = 2.5.7...

WordPress Campaign Monitor Forms by Optin Cat plugin <= 2.5.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Campaign Monitor Forms versions = 2.5.7...

CVE-2024-53784

Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms smart-marketing-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through = 5.0.4...

CVE-2024-53784

CVE-2024-53784 affects the WordPress plugin Smart Marketing for WP (Smart Marketing SMS and Newsletters Forms). Description confirms a Missing Authorization vulnerability allowing exploitation of incorrectly configured access controls in versions up to 5.0.9. CVSS 3.1 base score 4.3 (Network, Low...

CVE-2024-53784 WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms smart-marketing-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through = 5.0.4...

WordPress NEX-Forms plugin <= 8.7.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by trongnb02 Patchstack Alliance in WordPress Plugin NEX-Forms versions = 8.7.8...

WordPress plugin Smart Marketing SMS and Newsletters Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Smart Marketing SMS and Newsletters Forms versions = 5.0.4...

WordPress WordPress Contact Forms by Cimatti plugin <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function vulnerability

Cross-Site Request Forgery via processbulkaction Function vulnerability discovered by vgo0 in WordPress Plugin Contact Forms by Cimatti versions = 1.9.2...

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

CVE-2024-10521

CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...

CVE-2024-10521 WordPress Contact Forms by Cimatti <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...