WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Flaming Forms Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7691 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 74ab02fc965d Credits Bob Matyas Required...

WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions 3.8.6-3.8.10 Fixed in 3.8.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9b1a720170de Credits Erwan LR WPScan Required privilege...

WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Flaming Forms Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7692 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2875f02b2e42 Credits Bob Matyas Required...

CVE-2024-7692

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7354

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7691

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

CVE-2024-7354

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7692

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7691

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

CVE-2024-7692 Flaming Forms <= 1.0.1 - Reflected XSS

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7692 Flaming Forms <= 1.0.1 - Reflected XSS

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7691 Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

CVE-2024-7691

CVE-2024-7691 relates to the Flaming Forms WordPress plugin (versions

CVE-2024-7692

CVE-2024-7692 : Flaming Forms WordPress plugin up to 1.0.1 suffers a reflected XSS due to insufficient sanitization/escaping of a parameter before echoing it on the page. Impact stated as exposure against high-privilege users (admin). Public details do not specify a patched version or fix in the ...

CVE-2024-7691 Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

CVE-2024-7354

CVE-2024-7354 affects Ninja Forms for WordPress prior to 3.8.11. The issue is that the plugin does not escape a URL before printing it within an HTML attribute, enabling a reflected XSS attack that could target high-privilege users (e.g., admins). The NVD/NIST entry documents a CVSS 3.1 base scor...

CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin DN Popup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...