8183 matches found

CVE
added 2024/07/22 10:7 a.m. · 53 views

CVE-2024-38773

CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (

9.8 CVSS · 9.7 AI score · 0.01987 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/07/22 10:7 a.m. · 24 views

CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

9.3 CVSS · 0.01987 EPSS
Exploits: 0 · References: 1

Patchstack
added 2024/07/22 6:38 a.m. · 3 views

WordPress HTML Forms plugin < 1.3.33 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin HTML Forms versions < 1.3.33...

5.9 CVSS · 6 AI score · 0.00333 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2024/07/22 6:15 a.m. · 3 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

4.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

NVD
added 2024/07/22 6:15 a.m. · 25 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

5.9 CVSS · 0.00333 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/07/22 6:0 a.m. · 12 views

CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

5.5 AI score · 0.00333 EPSS
Exploits: 1 · References: 1

CVE
added 2024/07/22 6:0 a.m. · 47 views

CVE-2024-6243

CVE-2024-6243 affects the WordPress plugin HTML Forms prior to version 1.3.33. The vulnerability is a Stored XSS in form message inputs due to lack of sanitization/escaping, enabling high-privilege users (e.g., administrators) to inject scripts. Public writeups in multiple sources (NVD/NIST entry...

5.9 CVSS · 5.2 AI score · 0.00333 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/07/22 6:0 a.m. · 27 views

CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

0.00333 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/22 12:0 a.m. · 3 views

PT-2024-28209

Name of the Vulnerable Software and Affected Versions: FormLift for Infusionsoft Web Forms versions n/a through 7.5.17. Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to improper neutralization of special elements used in an SQL command...

9.8 CVSS · 5.6 AI score · 0.01987 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/07/22 12:0 a.m. · 3 views

PT-2024-37475 · WordPress · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.33. Description: The issue allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible because the plugin does not properly sanitiz...

5.9 CVSS · 5.7 AI score · 0.00333 EPSS
Exploits: 1 · References: 6

OSV
added 2024/07/21 8:15 a.m. · 4 views

CVE-2024-37512

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

5.4 CVSS · 5.8 AI score · 0.00296 EPSS
Exploits: 0 · References: 1

NVD
added 2024/07/21 8:15 a.m. · 33 views

CVE-2024-37512

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

6.5 CVSS · 0.00296 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/07/21 7:17 a.m. · 24 views

CVE-2024-37512 WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

6.5 CVSS · 0.00296 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/07/21 7:17 a.m. · 13 views

CVE-2024-37512 WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

6.5 CVSS · 6.8 AI score · 0.00296 EPSS
Exploits: 0 · References: 1

CVE
added 2024/07/21 7:17 a.m. · 45 views

CVE-2024-37512

CVE-2024-37512 is a Stored XSS in Basix NEX-Forms – Ultimate Form Builder (WordPress plugin) affecting versions up to 8.5.10. The vulnerability stems from improper neutralization of input during web page generation. Public advisories from NVD/Red Hat and CVE records confirm the issue as Stored XS...

6.5 CVSS · 6.4 AI score · 0.00296 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/07/21 2:15 a.m. · 2 views

CVE-2024-6934

A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submissiontype=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack...

4.8 CVSS · 3.8 AI score
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/21 12:0 a.m. · 3 views

PT-2024-27617 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions through 8.5.10. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can be...

6.5 CVSS · 6.3 AI score · 0.00296 EPSS
Exploits: 0 · References: 6

Patchstack
added 2024/07/19 12:20 p.m. · 4 views

WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

Unauthenticated Blind SQL Injection vulnerability discovered by Asif Wani (Patchstack Alliance) in WordPress Plugin FormLift for Infusionsoft Web Forms versions <= 7.5.17...

9.8 CVSS · 8.1 AI score · 0.01987 EPSS
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/07/19 12:0 a.m. · 8 views

WordPress FormLift for Infusionsoft Web Forms Plugin <= 7.5.17 is vulnerable to SQL Injection

Software: FormLift for Infusionsoft Web Forms · Type: Plugin · Vulnerable versions: <= 7.5.17 · Fixed in: 7.5.18 · OWASP Top 10: A3: Injection · Classification: SQL Injection · CVE: CVE-2024-38773 · Patch priority: High · CVSS severity: High (9.3) · PSID: d19e614d84b5 · Credits: Asif Wani · Required...

9.8 CVSS · 7.2 AI score · 0.01987 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2024/07/10 6:19 a.m. · 3 views

WordPress Gravity Forms: Multiple Form Instances plugin <= 1.1.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Gravity Forms: Multiple Form Instances versions <= 1.1.1...

5.3 CVSS · 7 AI score · 0.00456 EPSS
Exploits: 0 · References: 1 · Affected Software: 1