CVE-2024-3866 Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-3866 Ninja Forms Contact Form <= 3.8.15 - Reflected Self-Based Cross-Site Scripting via Referer

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-3866

CVE-2024-3866 refers to the Ninja Forms Contact Form plugin for WordPress, vulnerable up to version 3.8.15. The issue is a Reflected Self-Based Cross-Site Scripting via the Referer header caused by insufficient input sanitization and output escaping. It can allow unauthenticated attackers to inje...

WordPress plugin Ninja Forms Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress Ninja Forms Plugin <= 3.8.15 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.15 Fixed in 3.8.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3866 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8846b83daea8 Credits wesley wcraft Required...

WordPress CubeWP Forms plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hunter85 Patchstack Alliance in WordPress Plugin CubeWP Forms versions = 1.1.1...

CVE-2024-8791

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...

CVE-2024-8791

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...

CVE-2024-8791

CVE-2024-8791 affects Charitable – Donation Plugin for WordPress (versions

CVE-2024-8791 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...

PT-2024-28105 · WordPress · Ninja Forms Contact Form

Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form plugin for WordPress versions up to, and including, 3.8.15 Description: The issue is related to Reflected Self-Based Cross-Site Scripting via the 'Referer' header due to insufficient input sanitization and output...

WordPress CubeWP Forms – All-in-One Form Builder Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software CubeWP Forms – All-in-One Form Builder Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 126f1788c7ef Credits hunter85...

PT-2024-39255 · WordPress · Donation Forms By Charitable

Name of the Vulnerable Software and Affected Versions: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress versions up to, and including, 1.8.1.14 Description: The issue is due to the plugin not properly verifying a user's identity when the ID parameter is supplie...

WordPress plugin Donation Forms by Charitable 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

The vulnerability of the Forms component in Microsoft Edge and Google Chrome browsers allows attackers to access sensitive data, compromise its integrity, and cause service interruptions.

The vulnerability of the Forms component in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions through a specially created...

CVE-2024-43999

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11...

CVE-2024-43999

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11...

CVE-2024-43999 WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11...

CVE-2024-43999

CVE-2024-43999 pertains to Ninja Forms (WordPress plugin) prior to or equal to 3.8.11 and is described as a Stored XSS vulnerability caused by improper input neutralization during web page generation. The CVE details indicate the issue affects Ninja Forms: from n/a through 3.8.11, with CVSSv3.1 b...

CVE-2024-43999 WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11...