
8176 matches found

CNNVD
added 2024/09/02 12:0 a.m. · 2 views

WordPress plugin Flaming Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 · AI score 6.2 · EPSS 0.00327
Exploits: 1 · References: 2
OSV
added 2024/09/01 11:15 a.m. · 2 views

CVE-2024-5053

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

CVSS 4.3 · AI score 5.8 · EPSS 0.00402
Exploits: 0 · References: 4
NVD
added 2024/09/01 11:15 a.m. · 39 views

CVE-2024-5053

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

CVSS 4.3 · EPSS 0.00402
Exploits: 0 · References: 4
Vulnrichment
added 2024/09/01 10:58 a.m. · 10 views

CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

CVSS 4.2 · AI score 6.6 · EPSS 0.00402
Exploits: 0 · References: 4
CVE
added 2024/09/01 10:58 a.m. · 78 views

CVE-2024-5053

CVE-2024-5053 affects the Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder on WordPress. Root cause is an insufficient capability check in verifyRequest, enabling Form Managers with Subscriber+ roles to modify the Mailchimp API key and potentially redirect int...

CVSS 4.3 · AI score 4.7 · EPSS 0.00402
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/09/01 12:0 a.m. · 2 views

PT-2024-38514 · WordPress · Flaming Forms

Name of the Vulnerable Software and Affected Versions: Flaming Forms WordPress plugin versions 1.0.0 through 1.0.1
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the...

CVSS 6.1 · AI score 6 · EPSS 0.00327
Exploits: 1 · References: 9
CNNVD
added 2024/09/01 12:0 a.m. · 2 views

WordPress plugin Fluent Forms authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...

CVSS 4.3 · AI score 6.7 · EPSS 0.00402
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/01 12:0 a.m. · 3 views

PT-2024-38285 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.11
Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users such as admin. This occurs because the Ninja Forms WordPress plugin does not escape an...

CVSS 6.1 · AI score 6.3 · EPSS 0.00662
Exploits: 1 · References: 9
Positive Technologies
added 2024/09/01 12:0 a.m. · 2 views

PT-2024-38513 · WordPress · Flaming Forms

Name of the Vulnerable Software and Affected Versions: Flaming Forms WordPress plugin versions 1.0.1 and earlier
Description: The issue is related to the Flaming Forms WordPress plugin, which does not properly sanitise and escape certain parameters. This could allow unauthenticated users to perfo...

CVSS 6.1 · AI score 6.2 · EPSS 0.00353
Exploits: 1 · References: 9
Positive Technologies
added 2024/09/01 12:0 a.m. · 3 views

PT-2024-34307 · Unknown · Fluent Forms

Name of the Vulnerable Software and Affected Versions: Fluent Forms versions up to, and including, 5.1.18
Description: The issue is related to an insufficient capability check on the verifyRequest function, allowing Form Managers with a Subscriber-level access and above to modify the Mailchimp AP...

CVSS 4.3 · AI score 6.7 · EPSS 0.00402
Exploits: 0 · References: 21
Packet Storm
added 2024/08/31 12:0 a.m. · 257 views

WordPress Custom-contact-forms Plugin SQL Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas',...

AI score 7.4
Exploits: 0
OSV
added 2024/08/29 12:31 a.m. · 12 views

GHSA-9JQR-5X45-PGW8 Powermail TYPO3 extension Broken Access Control in the OutputController

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...

CVSS 7.3 · AI score 9.5 · EPSS 0.00376
Exploits: 0 · References: 7
Patchstack
added 2024/08/28 11:50 a.m. · 2 views

WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Joel Indra (Patchstack Alliance) in WordPress Plugin Ninja Forms versions <= 3.8.11...

CVSS 5.9 · AI score 6.1 · EPSS 0.00287
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/08/28 9:8 a.m. · 5 views

WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhammad Daffa in WordPress Plugin GetPaid versions <= 2.8.11...

CVSS 8.8 · AI score 5.2 · EPSS 0.00464
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/08/28 12:0 a.m. · 9 views

WordPress Ninja Forms Plugin <= 3.8.11 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Forms · Type: Plugin · Vulnerable versions: <= 3.8.11 · Fixed in: 3.8.12 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-43999 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: f7b73633135b · Credits: Joel Indra · Required privilege...

CVSS 5.9 · AI score 6.6 · EPSS 0.00287
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/08/26 9:15 p.m. · 2 views

CVE-2024-43287

Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
ATTACKERKB
added 2024/08/26 9:15 p.m. · 4 views

CVE-2024-43287

Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82...

CVSS 8.8 · AI score 5.1 · EPSS 0.00196
Exploits: 0 · References: 2
OSV
added 2024/08/26 9:15 p.m. · 0 views

CVE-2024-39628

Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2024/08/26 9:15 p.m. · 66 views

CVE-2024-39628

Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6...

CVSS 8.8 · EPSS 0.0019
Exploits: 0 · References: 1
Cvelist
added 2024/08/26 8:58 p.m. · 33 views

CVE-2024-39628 WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6...

CVSS 5.4 · EPSS 0.0019
Exploits: 0 · References: 1