CVE-2024-10717

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivatelicense function in all versions up to, and including, 3.3.4. This makes it possible for authenticated...

CVE-2024-10717 Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivatelicense function in all versions up to, and including, 3.3.4. This makes it possible for authenticated...

CVE-2024-10717

CVE-2024-10717 - Styler for Ninja Forms (WordPress) Affected: Styler for Ninja Forms plugin for WordPress, all versions up to and including 3.3.4. Root cause: Missing capability check in the deactivate_license function enables unauthorized modification of data by authenticated users with Subscrib...

CVE-2024-9614 Constant Contact Forms by MailMunch <= 2.1.2 - Reflected Cross-Site Scripting

The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-9614 Constant Contact Forms by MailMunch <= 2.1.2 - Reflected Cross-Site Scripting

The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2024-9614

CVE-2024-9614 affects the WordPress plugin Constant Contact Forms by MailMunch. It is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper escaping in add_query_arg across all versions up to 2.1.2. Unauthenticated attackers can induce user-visible script execution by tricking a...

PT-2024-39719 · Mailmunch · Constant Contact Forms By Mailmunch

Name of the Vulnerable Software and Affected Versions: Constant Contact Forms by MailMunch plugin for WordPress versions up to, and including, 2.1.2 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitra...

WordPress plugin Styler for Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Constant Contact Forms by MailMunch 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Constant Contact...

PT-2024-16487 · WordPress · The Styler For Ninja Forms

Name of the Vulnerable Software and Affected Versions: The Styler for Ninja Forms plugin for WordPress versions up to, and including, 3.3.4 Description: The issue allows unauthorized modification of data, potentially leading to a denial of service, due to a missing capability check on the...

WordPress Constant Contact Forms by MailMunch plugin <= 2.1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Constant Contact Forms by MailMunch versions = 2.1.2...

WordPress Styler for Ninja Forms plugin <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license vulnerability

Authenticated Subscriber+ Arbitrary Option Deletion via deactivatelicense vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Styler for Ninja Forms versions = 3.3.4...

WordPress Constant Contact Forms by MailMunch Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Constant Contact Forms by MailMunch Type Plugin Vulnerable versions = 2.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9614 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 53dd5edc8197 Credits...

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

CVE-2024-51791

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0...

CVE-2024-51791

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through = 2.8.0...

CVE-2024-51791 WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0...

CVE-2024-51791 WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through = 2.8.0...

CVE-2024-51791

CVE-2024-51791 is an unauthenticated arbitrary file upload vulnerability in the WordPress Forms plugin by Made I.T. Forms (versions

WordPress plugin Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...