8176 matches found

Cvelist
added 2024/10/17 5:33 a.m. · 15 views

CVE-2024-9352 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'createmodule' function. This makes it...

4.3 CVSS · 0.00207 EPSS
Exploits 0 · References 3
Patchstack
added 2024/10/17 12:0 a.m. · 11 views

WordPress GetResponse Forms Plugin <= 2.5.6 is vulnerable to Cross Site Scripting (XSS)

Software: GetResponse Forms · Type: Plugin · Vulnerable versions: = 2.5.6 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-8740 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: Claim ownership · PSID: ed6ce5de6c1f · Credits: vgo0 · Required...

6.1 CVSS · 5.6 AI score · 0.00382 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-33372 · Videowhisper.Com · Videowhisper.Com Contact Forms +3

Name of the Vulnerable Software and Affected Versions: VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages versions 1.10.2 and earlier Description: The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This affects...

7.5 CVSS · 6.7 AI score · 0.0044 EPSS
Exploits 0 · References 4
CNNVD
added 2024/10/17 12:0 a.m. · 0 views

WordPress plugin Forminator Forms cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

4.3 CVSS · 6.6 AI score · 0.00207 EPSS
Exploits 0 · References 4
CNNVD
added 2024/10/17 12:0 a.m. · 3 views

WordPress plugin Forminator Forms cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

4.3 CVSS · 6.6 AI score · 0.00207 EPSS
Exploits 0 · References 4
Patchstack
added 2024/10/16 8:53 p.m. · 2 views

WordPress Forminator Forms plugin <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation vulnerability

Cross-Site Request Forgery to Draft Custom Form Creation vulnerability discovered by Vijaysimha Reddy vijaysimha in WordPress Plugin Forminator versions = 1.35.1...

4.3 CVSS · 7 AI score · 0.00207 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/10/16 7:31 a.m. · 68 views

CVE-2024-9061

The CVE CVE-2024-9061 affects the WordPress plugin WP Popup Builder – Popup Forms and Marketing Lead Generation. It allows unauthenticated users to perform arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to 1.3.5, due to inadequate validation ...

9.8 CVSS · 8.7 AI score · 0.51316 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2024/10/16 7:15 a.m. · 3 views

CVE-2023-7294

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the createmollieprofile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

6.5 CVSS · 5.8 AI score · 0.00327 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2024/10/16 7:15 a.m. · 2 views

CVE-2023-7293

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkmollieaccountdetails function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3 CVSS · 5.4 AI score · 0.00242 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/10/16 6:43 a.m. · 17 views

CVE-2023-7292 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytiumnoticedismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3 CVSS · 6.7 AI score · 0.00272 EPSS
Exploits 0 · References 2
Cvelist
added 2024/10/16 6:43 a.m. · 29 views

CVE-2023-7290 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkforverifiedprofiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

4.3 CVSS · 0.00242 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/10/16 6:43 a.m. · 16 views

CVE-2023-7289 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level...

5.4 CVSS · 6.7 AI score · 0.00275 EPSS
Exploits 0 · References 2
The Hacker News
added 2024/10/16 5:6 a.m. · 40 views

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. "An attacker could bypass SAML...

10 CVSS · 7.4 AI score · 0.22443 EPSS
Exploits 0
Positive Technologies
added 2024/10/16 12:0 a.m. · 2 views

PT-2024-10603 · WordPress · Formidable Form Builder

Name of the Vulnerable Software and Affected Versions: Formidable Form Builder plugin for WordPress versions up to, and including, 2.05.03 Description: The issue allows unauthenticated attackers to export all form entries for a given form via the frm forms preview AJAX action. This enables the...

5.3 CVSS · 7.3 AI score · 0.01098 EPSS
Exploits 1 · References 6
CNNVD
added 2024/10/16 12:0 a.m. · 3 views

WordPress plugin Paytium: Mollie payment forms & donations security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.4 CVSS · 6.6 AI score · 0.00275 EPSS
Exploits 0 · References 2
VulnCheck KEV
added 2024/10/16 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2023-7289

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytiumswsaveapikeys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

5.4 CVSS · 5.8 AI score · 0.00275 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/16 12:0 a.m. · 3 views

WordPress plugin Paytium: Mollie payment forms & donations security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

4.3 CVSS · 6.5 AI score · 0.00242 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/16 12:0 a.m. · 2 views

PT-2024-39586 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...

4.3 CVSS · 7 AI score · 0.00207 EPSS
Exploits 0 · References 8
CNNVD
added 2024/10/16 12:0 a.m. · 2 views

WordPress plugin Paytium: Mollie payment forms & donations security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

7.1 CVSS · 6.5 AI score · 0.00327 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/16 12:0 a.m. · 5 views

PT-2024-39587 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on...

4.3 CVSS · 7 AI score · 0.00207 EPSS
Exploits 0 · References 7