8176 matches found
CVE-2024-51783
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zaus Forms: 3rd-Party Post Again forms-3rdparty-post-again allows Reflected XSS. This issue affects Forms: 3rd-Party Post Again: from n/a through <= 0.3...
CVE-2024-51783 WordPress Forms: 3rd-Party Post Again plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in zaus Forms: 3rd-Party Post Again allows Reflected XSS. This issue affects Forms: 3rd-Party Post Again: from n/a through 0.3...
CVE-2024-51783 WordPress Forms: 3rd-Party Post Again plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zaus Forms: 3rd-Party Post Again forms-3rdparty-post-again allows Reflected XSS. This issue affects Forms: 3rd-Party Post Again: from n/a through <= 0.3...
CVE-2024-51783
CVE-2024-51783 – Forms: 3rd-Party Post Again shows Reflected XSS via improper input neutralization in the Forms: 3rd-Party Post Again WordPress plugin (affected versions up to 0.3). The vulnerability affects how user-supplied input is echoed during web page generation, enabling injection of scrip...
WordPress plugin Forms: 3rd-Party Post Again cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-34909 · Unknown · Zaus Forms: 3Rd-Party Post Again
Name of the Vulnerable Software and Affected Versions: zaus Forms: 3rd-Party Post Again versions n/a through 0.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS in zaus Forms:...
WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera versions <= 4.0...
WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Mage Front End Forms versions <= 1.1.4...
WordPress SV Forms plugin <= 2.0.05 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin SV Forms versions <= 2.0.05...
WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Forms versions <= 2.8.0...
WordPress SV Forms Plugin <= 2.0.05 is vulnerable to Cross Site Scripting (XSS)
Software: SV Forms | Type: Plugin | Vulnerable versions: <= 2.0.05 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-51877 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 7bf14e1f9476 | Credits: Joshua Chan | Required privilege: Contributor...
PT-2024-39521 · WordPress · The User Meta
Name of the Vulnerable Software and Affected Versions: The User Meta – User Profile Builder and User management plugin for WordPress versions up to, and including, 3.1. Description: The issue is related to Insecure Direct Object Reference, which can be exploited by authenticated attackers with...
WordPress Forms Plugin <= 2.8.0 is vulnerable to Arbitrary File Upload
Software: Forms | Type: Plugin | Vulnerable versions: <= 2.8.0 | Fixed in: 2.8.1 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-51791 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: 0594a374dbac | Credits: stealthcopter | Required privilege: Unauthenticated...
WordPress Mage Front End Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Mage Front End Forms | Type: Plugin | Vulnerable versions: <= 1.1.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-52339 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 411709dfd335 | Credits: SOPROBRO | Required privilege...
WordPress Forms: 3rd-Party Post Again plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Forms: 3rd-Party Post Again versions <= 0.3...
WordPress Forms: 3rd-Party Post Again Plugin <= 0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Forms: 3rd-Party Post Again | Type: Plugin | Vulnerable versions: <= 0.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-51783 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 0af0ceb02a42 | Credits: João Pedro S Alcântara...
CVE-2024-43211
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.9...
CVE-2024-37463
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...
CVE-2024-37463 WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...
CVE-2024-37463
CVE-2024-37463 is a Missing Authorization vulnerability in the WordPress plugin CRM Perks Forms (affected: 1.1.5 and earlier). The CVE description and related sources confirm this is a Broken Access Control issue where functionality is not properly constrained by ACLs, allowing unauthenticated ac...