
8176 matches found

Patchstack
added 2024/11/27 12:0 a.m., 11 views

WordPress Contact Forms by Cimatti Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: 1.9.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-10521; Patch priority: Low; CVSS severity: Low (4.3); Developer: Cimatti Consulting; PSID: 2351691c2ff2; Credits: vgo0...

4.3 CVSS | 7 AI score | 0.00212 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2024/11/26 11:21 a.m., 17 views

CVE-2024-10579

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with...

4.3 CVSS | 0.00417 EPSS
Exploits: 0 | References: 3

Patchstack
added 2024/11/26 7:33 a.m., 3 views

WordPress Everest Forms plugin < 3.0.4.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions < 3.0.4.2...

4.8 CVSS | 6.1 AI score | 0.00369 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/11/26 6:15 a.m., 12 views

CVE-2024-10471

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS | 0.00369 EPSS
Exploits: 1 | References: 1

OSV
added 2024/11/26 6:15 a.m., 4 views

CVE-2024-10471

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS | 5.5 AI score
Exploits: 0 | References: 1

Cvelist
added 2024/11/26 6:0 a.m., 12 views

CVE-2024-10471 Everest Forms < 3.0.4.2 - Admin+ Stored XSS

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

0.00369 EPSS
Exploits: 1 | References: 1

CVE
added 2024/11/26 6:0 a.m., 47 views

CVE-2024-10471

CVE-2024-10471 affects the Everest Forms WordPress plugin prior to version 3.0.4.2. The issue arises because the plugin does not sanitize/escape certain settings, potentially allowing high-privilege users (e.g., administrators) to perform Stored XSS even when unfiltered_html is disallowed (e.g., ...

4.8 CVSS | 4.7 AI score | 0.00369 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/11/26 12:0 a.m., 9 views

WordPress Everest Forms Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: Everest Forms; Type: Plugin; Vulnerable versions: < 3.0.4.2; Fixed in: 3.0.4.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10471; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 675cfcd37990; Credits: Dmitrii Ignatyev; Requir...

4.8 CVSS | 6 AI score | 0.00369 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2024/11/26 12:0 a.m., 3 views

WordPress plugin Everest Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.8 CVSS | 8.2 AI score | 0.00369 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2024/11/26 12:0 a.m., 2 views

PT-2024-16378 · WordPress · The Hustle – Email Marketing

Name of the Vulnerable Software and Affected Versions: The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress versions up to, and including, 7.8.5
Description: The issue is related to unauthorized access of data due to a missing capability check on the preview module...

4.3 CVSS | 6.9 AI score | 0.00417 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2024/11/26 12:0 a.m., 2 views

PT-2024-16301 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms WordPress plugin versions prior to 3.0.4.2
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example, ...

4.8 CVSS | 5.9 AI score | 0.00369 EPSS
Exploits: 1 | References: 7

OSV
added 2024/11/23 6:15 a.m., 2 views

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

6.1 CVSS | 5.9 AI score | 0.00391 EPSS
Exploits: 0 | References: 2

NVD
added 2024/11/23 6:15 a.m., 11 views

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

6.1 CVSS | 0.00391 EPSS
Exploits: 0 | References: 2

CVE
added 2024/11/23 5:40 a.m., 63 views

CVE-2024-11188

Formidable Forms – Contact Form Plugin for WordPress (CVE-2024-11188) is affected by a POST-based Reflected Cross-Site Scripting vulnerability via Custom HTML Form parameters in all versions up to 6.16.1.2, caused by insufficient input sanitization and output escaping. Attackers can exploit this ...

6.1 CVSS | 6 AI score | 0.00391 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/23 5:40 a.m., 12 views

CVE-2024-11188 Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

6.1 CVSS | 6.3 AI score | 0.00391 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/23 4:32 a.m., 11 views

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4 CVSS | 5.8 AI score | 0.003 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/11/23 4:32 a.m., 17 views

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4 CVSS | 0.003 EPSS
Exploits: 0 | References: 2

CVE
added 2024/11/23 4:32 a.m., 48 views

CVE-2024-11332

CVE-2024-11332: Stored XSS in the WordPress plugin “HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents” (versions up to 1.3.4) via the hipaatizer shortcode. Exploitation requires authenticated access at contributor level or higher; payloads execute when users view in...

6.4 CVSS | 5.7 AI score | 0.003 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/11/23 12:0 a.m., 6 views

WordPress plugin Formidable Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS | 7.5 AI score | 0.00391 EPSS
Exploits: 0 | References: 2

Patchstack
added 2024/11/22 9:40 p.m., 3 views

WordPress Formidable Forms plugin <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability

Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability discovered by mikemyers in WordPress Plugin Formidable Forms versions <= 6.16.1.2...

6.1 CVSS | 6.2 AI score | 0.00391 EPSS
Exploits: 0 | References: 1 | Affected Software: 1