WordPress plugin Piotnet Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-4319

CVE-2024-4319 affects the WordPress plugin Advanced Contact form 7 DB . The vulnerability is due to a missing capability check in the function vsz_cf7_export_to_excel, allowing unauthenticated attackers to download submitted form entries. Affected versions are up to and including 2.0.2 ; remediat...

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...

CVE-2024-35742

CVE-2024-35742 is listed in the initial document as a Missing Authorization vulnerability in Easy Forms for Mailchimp affecting versions up to 6.9.0. The connected documents do not provide detailed technical specifics (no root cause, impact, affected sub-components, or remediation steps) beyond t...

WordPress plugin Easy Forms for Mailchimp security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A security vulnerability...

TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...

PT-2024-27123 · WordPress · Powerpack Pro For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Pro for Elementor plugin for WordPress versions up to, and including, 2.10.17 Description: The issue is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possib...

CVE-2024-37156

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

CVE-2024-37156 TokenController formName not sanitized in hidden input

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

CVE-2024-37156

CVE-2024-37156 affects SuluFormBundle (Sulu Admin) where the TokenController.get parameter formName is not sanitized in the returned input field, enabling Cross-Site Scripting (XSS). The issue is fixed in version 2.5.3. Mitigation is to upgrade to 2.5.3 or apply the provided patch; no exploit det...

CVE-2024-37156 TokenController formName not sanitized in hidden input

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin Easy Forms for Mailchimp versions = 6.9.0...

WordPress Easy Forms for Mailchimp Plugin <= 6.9.0 is vulnerable to Broken Access Control

Software Easy Forms for Mailchimp Type Plugin Vulnerable versions = 6.9.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35742 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 177d8b32aedf Credits Ngô Thiên An ancorn fr...

GHSA-V4QR-8H2V-QPJX Cross-Site Scripting in TYPO3 CMS Backend

Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability...

GHSA-PPGF-8745-8PGX Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

AZL-42409 CVE-2024-24790 affecting package golang for versions less than 1.18.8-4

The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

CVE-2024-2368

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...

CVE-2024-2368 Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...