8176 matches found
DEBIAN-CVE-2024-47874
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats multipart/form-data parts without a filename as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form...
CVE-2024-9944
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will...
CVE-2024-9944
CVE-2024-9944 – WooCommerce for WordPress: HTML Injection in all versions up to 9.0.2 caused by insufficient HTML neutralization in submitted order forms. Exploitation could render injected HTML when an admin views orders. The issue is publicly detailed across multiple sources (Wordfence, NVD, P...
PT-2024-10748 · Siteground · Siteground Optimizer
Name of the Vulnerable Software and Affected Versions: SiteGround Optimizer plugin for WordPress versions up to 5.0.12; Caldera Forms versions prior to the latest update. Description: The vulnerability is related to authorization bypass, leading to Remote Code Execution and Local File Inclusion. Th...
PT-2024-15271 · WordPress · The Paytium: Mollie Payment Forms & Donations
Name of the Vulnerable Software and Affected Versions: The Paytium: Mollie payment forms & donations plugin for WordPress versions up to, and including, 4.3.7. Description: The issue is related to unauthorized access of data due to a missing capability check on the check for verified profiles...
WordPress Contact Forms, Live Support, CRM, Video Messages plugin <= 1.10.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Contact Forms, Live Support, CRM, Video Messages versions <= 1.10.2...
PT-2024-39957 · WordPress · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce plugin for WordPress versions up to, and including, 9.0.2. Description: The issue arises from the plugin not properly neutralizing HTML elements from submitted order forms, making it possible for unauthenticated attackers to inject...
WordPress Forms for Mailchimp by Optin Cat Plugin <= 2.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: Forms for Mailchimp by Optin Cat; Type: Plugin; Vulnerable versions: <= 2.5.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7489; Patch priority: Low; CVSS severity: Low 5.9; PSID: 2fb4093a4680; Credits: mike harr...
WordPress Contact Forms, Live Support, CRM, Video Messages Plugin <= 1.10.2 is vulnerable to Sensitive Data Exposure
Software: Contact Forms, Live Support, CRM, Video Messages; Type: Plugin; Vulnerable versions: <= 1.10.2; Fixed in: 1.11.1; OWASP Top 10: A8: Software and Data Integrity Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-49235; Patch priority: Low; CVSS severity: Low 7.5; PSI...
CVE-2024-7489
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-7489 Forms for Mailchimp by Optin Cat <= 2.5.7 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Forms for Mailchimp by Optin Cat cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of vulnerable form fields. An attacker with administrative privileges can inject malicious scripts, which are then execute...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via specially crafted links or forms. An attacker can execute arbitrary scripts within the victim's browser by tricking a user into clicking a link...
CVE-2024-8477 Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) <= 3.1.87 - Cross-Site Request Forgery
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init function. This makes it possible fo...
WordPress plugin Newsletter, SMTP, Email marketing and Subscribe forms by Brevo security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
CVE-2024-47300
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP Forms (cubewp-forms) allows Stored XSS. This issue affects CubeWP Forms: from n/a through <= 1.1.1...
CVE-2024-47300 WordPress CubeWP Forms plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Stored XSS. This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.1...
CVE-2024-47300
CVE-2024-47300 affects CubeWP Forms – All-in-One Form Builder (WordPress plugin) up to version 1.1.1, with an Unauthenticated Stored XSS due to improper neutralization during web page generation. The issue allows stored cross-site scripting and has a CVSS v3.1 base score of 7.1 (High). Patch/miti...