
8178 matches found

NVD
added 2024/08/12 9:15 p.m. · 12 views

CVE-2024-43233

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8...

7.1 CVSS · 0.00307 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/08/12 9:2 p.m. · 15 views

CVE-2024-43233 WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8...

7.1 CVSS · 7 AI score · 0.00307 EPSS
Exploits 0 · References 1
CVE
added 2024/08/12 9:2 p.m. · 50 views

CVE-2024-43233

CVE-2024-43233 is a Reflected XSS in BSK Forms Blacklist (BannerSky) plugin. The issue arises from improper input neutralization during web page generation, enabling crafted input to be reflected back to the user and potentially execute script in the victim’s browser. Affected versions are the BS...

7.1 CVSS · 6.9 AI score · 0.00307 EPSS
Exploits 0 · References 1
Cvelist
added 2024/08/12 9:2 p.m. · 22 views

CVE-2024-43233 WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS. This issue affects BSK Forms Blacklist: from n/a through 3.8...

7.1 CVSS · 0.00307 EPSS
Exploits 0 · References 1
CNNVD
added 2024/08/12 12:0 a.m. · 3 views

WordPress plugin BSK Forms Blacklist cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1 CVSS · 6.1 AI score · 0.00307 EPSS
Exploits 0 · References 2
Redos
added 2024/08/12 12:0 a.m. · 21 views

ROS-20240812-02

A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code...

6.1 CVSS · 7.7 AI score · 0.00551 EPSS
Exploits 1
Patchstack
added 2024/08/09 1:19 p.m. · 3 views

WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin BSK Forms Blacklist versions <= 3.8...

7.1 CVSS · 6.1 AI score · 0.00307 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/08/09 11:3 a.m. · 4 views

WordPress MailChimp Subscribe Form plugin <= 4.0.9.7 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin MailChimp Subscribe Forms versions <= 4.0.9.7...

5.9 CVSS · 5.8 AI score · 0.00325 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/08/09 12:0 a.m. · 15 views

WordPress BSK Forms Blacklist Plugin <= 3.8 is vulnerable to Cross Site Scripting (XSS)

Software: BSK Forms Blacklist; Type: Plugin; Vulnerable versions: <= 3.8; Fixed in: 3.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43233; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 39a05d2b3c1d; Credits: LVT-tholv2k; Required privilege...

7.1 CVSS · 6.6 AI score · 0.00307 EPSS
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/08/09 12:0 a.m. · 11 views

WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.9 is vulnerable to Cross Site Scripting (XSS)

Software: MailChimp Subscribe Forms; Type: Plugin; Vulnerable versions: <= 4.0.9.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43211; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: b6921b6bb1b6; Credits: Steven Julian; Required...

5.9 CVSS · 5.8 AI score · 0.00325 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/08/07 5:36 p.m. · 3 views

DRUPAL-CONTRIB-2024-029

The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code (RCE) or cross site scripting (XSS). These forms were not adequately controlled with permissions that communicate the severity of the permission...

7.5 CVSS · 7 AI score · 0.00537 EPSS
Exploits 0 · References 1
OSV
added 2024/08/06 2:15 a.m. · 3 views

CVE-2024-7484

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handleuploadedfiles' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to...

7.2 CVSS · 6.4 AI score · 0.0093 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/08/06 1:49 a.m. · 19 views

CVE-2024-7484 CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handleuploadedfiles' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to...

7.2 CVSS · 8 AI score · 0.0093 EPSS
Exploits 0 · References 3
CNNVD
added 2024/08/06 12:0 a.m. · 2 views

WordPress plugin CRM Perks Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.2 CVSS · 6.6 AI score · 0.0093 EPSS
Exploits 0 · References 4
Patchstack
added 2024/08/05 12:0 a.m. · 16 views

WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload

Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7484; Patch priority: Low; CVSS severity: Low 9.1; Developer: Claim ownership; PSID: c7c64ee12633; Credits: István Márton; Required privilege...

7.2 CVSS · 6.9 AI score · 0.0093 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/08/01 11:15 p.m. · 1 views

CVE-2024-39643

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS. This issue affects RegistrationMagic: from n/a through 6.0.0.1...

6.1 CVSS · 5.8 AI score · 0.00258 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/08/01 12:0 a.m. · 5 views

PT-2024-14475 · WordPress · Wpforms User Registration

Name of the Vulnerable Software and Affected Versions: WPForms User Registration versions n/a through 2.1.0 Description: The issue is related to Improper Privilege Management, allowing Privilege Escalation in WPForms User Registration. Recommendations: For versions n/a through 2.1.0, update to a...

8 CVSS · 6.8 AI score · 0.00345 EPSS
Exploits 0 · References 5
OSV
added 2024/07/31 11:15 a.m. · 2 views

CVE-2024-6725

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...

5.4 CVSS · 5.9 AI score · 0.00352 EPSS
Exploits 0 · References 3
NVD
added 2024/07/31 11:15 a.m. · 19 views

CVE-2024-6725

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...

5.4 CVSS · 0.00352 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/07/31 10:59 a.m. · 13 views

CVE-2024-6725 Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...

4.9 CVSS · 4.8 AI score · 0.00352 EPSS
Exploits 0 · References 3