8176 matches found
CVE-2024-37463 WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...
CVE-2024-37510 WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7...
CVE-2024-37506 WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7...
CVE-2024-43211 WordPress MailChimp Subscribe Form plugin <=4.0.9.9 - Stored Cross-Site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.9...
CVE-2024-43211
CVE-2024-43211 is a Stored XSS vulnerability in the WordPress plugin MailChimp Subscribe Forms (versions up to and including 4.0.9.9; affected versions are listed as n/a through 4.0.9.9). The issue stems from improper neutralization of input during web page generation. Impact is described as cros...
CVE-2024-43973 WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through 2.8.11...
CVE-2024-43973 WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through = 2.8.11...
PT-2024-27574 · Crm Perks · Crm Perks Forms
Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For CRM Perks Forms versions 1.1.5...
PT-2024-30374 · Pluginops · Pluginops Mailchimp Subscribe Forms
Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions n/a through 4.0.9.9 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
WordPress plugin CRM Perks Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin MailChimp Subscribe Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-9700
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
CVE-2024-9700
CVE-2024-9700 affects the WordPress plugin “Forminator Forms – Contact Form, Payment Form & Custom Form Builder” and covers all versions up to and including 1.36.0. The vulnerability is an Insecure Direct Object Reference via the submit_quizzes() function, caused by missing validation on the entr...
CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
WordPress plugin Forminator Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
SUSE-SU-2024:3810-1 Security update for python-Werkzeug
This update for python-Werkzeug fixes the following issues: - CVE-2024-49767: Fixed possible resource exhaustion when parsing file data in forms bsc1232449...
PT-2024-33148 · Unknown · Proactive Risk Manager
Name of the Vulnerable Software and Affected Versions: Proactive Risk Manager version 9.1.1.0 Description: The issue concerns multiple Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities are found in the add/edit form fields, specifically at URLs starting with the subpaths:...
PT-2024-39769 · WordPress · Forminator Forms
Name of the Vulnerable Software and Affected Versions: Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.36.0 Description: The issue is related to Insecure Direct Object Reference, which allows unauthenticated attackers to...