Ninja Forms – The Contact Form Builder That Grows With You < 3.8.1 - Admin+ Stored Cross-Site Scripting

Description The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a form field in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...

May 7, 2024, update for Outlook 2016 (KB5002593)

May 7, 2024, update for Outlook 2016 KB5002593 This article describes update 5002593 for Microsoft Outlook 2016 that was released on May 7, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...

CVE-2024-34380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...

CVE-2024-34380

CVE-2024-34380 affects the QuantumCloud Conversational Forms for ChatBot WordPress plugin, with an Improper Neutralization of Input During Web Page Generation leading to Stored XSS in the Conversational Forms; affected versions are from n/a through 1.2.0. Red Hat and Wordfence sources confirm the...

CVE-2024-34380 WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...

CVE-2024-34380 WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...

WordPress plugin Conversational Forms for ChatBot 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jean Tirstan T Patchstack Alliance in WordPress Plugin Conversational Forms for ChatBot versions = 1.2.0...

WordPress GP Unique ID plugin <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification vulnerability

Unauthenticated Form Submission Unique ID Modification vulnerability discovered by Karl Emil Nikka in WordPress Plugin Gravity Forms Unique ID versions = 1.5.5...

WordPress Conversational Forms for ChatBot Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Conversational Forms for ChatBot Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34380 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 04a3b48cf9af Credits Jean Tirstan T Requir...

Foxit PDF Reader 安全漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which originates from a remote code execution vulnerability in the XFA Doc object reuse after release...

WordPress Gravity Forms Unique ID Plugin <= 1.5.5 is vulnerable to Content Spoofing

Software Gravity Forms Unique ID Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A3: Injection Classification Content Spoofing CVE CVE-2024-0710 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID deacdbc2e22e Credits Karl Emil Nikka Required privilege...

CVE-2024-2797

The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...

CVE-2024-2542

The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-3715

CVE-2024-3715 relates to the Database for Contact Form 7, WPforms, and Elementor forms plugins on WordPress. It describes a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that execute wh...

CVE-2024-3715 Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-3729

The CVE-2024-3729 issue affects the Frontend Admin by DynamiApps WordPress plugin. It is caused by improper missing encryption exception handling in the fea_encrypt function, and is exploitable on all versions up to and including 3.19.4 when the OpenSSL PHP extension is not loaded. This allows un...

CVE-2024-2797

CVE-2024-2797 affects the MailerLite – Signup forms (official) plugin for WordPress. Unauthenticated attackers could change plugin settings due to missing capability checks in toggleRolesAndPermissions and editAllowedRolesAndPermissions across versions up to 1.7.6, potentially enabling lower-leve...

CVE-2024-2542

The CVE-2024-2542 issue affects the Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms WordPress plugin up to version 1.3.1, with stored XSS via shortcode attributes. Root cause is insufficient input sanitization and output escaping, enabling authenticated users with co...

WordPress plugin Jotform Online Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...