CVE-2024-6725

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...

CVE-2024-6725 Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...

CVE-2024-6725

Formidable Forms (WordPress)

WordPress HTML Forms plugin < 1.3.34 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin HTML Forms versions 1.3.34...

CVE-2024-6412

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412 HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412 HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412

CVE-2024-6412 affects HTML Forms – Simple WordPress Forms Plugin prior to 1.3.34. Description indicates CSRF checks are missing in some areas, enabling CSRF attacks that could cause logged-in users to perform unintended actions. Connected Patchstack data confirms a fix: upgrade to version 1.3.34 ...

WordPress Formidable Forms plugin <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Formidable Forms versions = 6.11.1...

WordPress HTML Forms Plugin < 1.3.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software HTML Forms Type Plugin Vulnerable versions 1.3.34 Fixed in 1.3.34 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6412 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 512deb690c57 Credits Bob Matyas Required...

WordPress Formidable Forms Plugin <= 6.11.1 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions = 6.11.1 Fixed in 6.11.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6725 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID b87ac759b2ea Credits zer0gh0st Required...

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37825 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.11.1 Description: The issue is related to Stored Cross-Site Scripting via the html...

PT-2024-37605 · WordPress · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.34 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...

WordPress plugin HTML Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising...

ROS-20240729-01

Vulnerability in Forms Authentication in Application Server Web Application Examples Apache Tomcat exists due to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting XSS attack...

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...