PT-2024-16917 · WordPress · Hipaa Compliant Forms With Drag’N’Drop Hipaa Form Builder

Name of the Vulnerable Software and Affected Versions: HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode due to insufficient...

WordPress Formidable Forms Plugin <= 6.16.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions = 6.16.1.2 Fixed in 6.16.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11188 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7e72b3f5e2de Credits mikemyers...

WordPress Formidable Forms plugin < 6.14.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Formidable Forms versions 6.14.1...

CVE-2024-9768

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768 Formidable Forms < 6.14.1 - Admin+ Stored XSS

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768 Formidable Forms < 6.14.1 - Admin+ Stored XSS

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768

Formidable Forms WordPress plugin prior to version 6.14.1 is affected: it does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Impact is a stored XSS vector within plugin settings; rem...

WordPress Formidable Forms Plugin < 6.14.1 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions 6.14.1 Fixed in 6.14.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9768 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 929c3f675f30 Credits Krugov Artyom Required...

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-39830 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms WordPress plugin versions prior to 6.14.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

django-cms-qe (>=1.4.3 <=3.7.2), django-crunch (=0.1.12) +8 more potentially affected by CVE-2024-11406 via djangocms-attributes-field (>=0.3.0 <=3.0.0)

djangocms-attributes-field PYPI version =0.3.0, =1.4.3, =0.6.2, =7.0.4, =1.0.0, =1.0.0, =2.0.0, =2.28.1, =0.1.0, =1.0.0b3 - taccsite-cms =3.6.0a0 Source cves: CVE-2024-11406 Source advisory: OSV:GHSA-VXCV-4XVF-PC22...

WordPress BSK Forms Validation plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin BSK Forms Validation versions = 1.7...

CVE-2024-8726

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8726 MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8726

CVE-2024-8726 : MailChimp Forms by MailMunch (WordPress) is vulnerable to Reflected Cross-Site Scripting due to improper escaping in URLs via add_query_arg in all versions up to and including 3.2.3. Unauthenticated attackers can inject scripts in pages that a user might trigger by clicking links,...

CVE-2024-8726 MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...

WordPress plugin MailChimp Forms by MailMunch 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress MailChimp Forms by MailMunch plugin <= 3.2.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin MailChimp Forms by MailMunch versions = 3.2.3...

GHSA-P7F6-8MCM-FWV3 Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...