8191 matches found
PT-2024-17998 · WordPress · Mailerlite
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms plugin for WordPress versions 1.5.0 through 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-suppli...
PT-2024-27334 · WordPress · Elementor Forms Plugin +2
Name of the Vulnerable Software and Affected Versions: The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to, and including, 1.3.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping...
PT-2024-22175 · Mailerlite · Mailerlite – Signup Forms
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms official plugin for WordPress versions up to, and including, 1.7.6 Description: The issue allows unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and...
CVE-2024-32210
The LoMag WareHouse Management application version 1.0.20.120 and older were found to utilize hard-coded passwords by default for forms and SQL connections...
CVE-2024-32210
The Red Hat–listed CVEs map to LoMag LoMag Inventory Management v1.0.20.120 and earlier. Concrete issues include: hard-coded passwords by default for forms and SQL connections (CVE-2024-32210); local information disclosure via UserClass.cs and Settings.cs (CVE-2024-32211); SQL Injection via Artic...
PT-2024-24461 · Unknown · Lomag Warehouse Management
Name of the Vulnerable Software and Affected Versions: LoMag WareHouse Management application versions 1.0.20.120 and older Description: The issue concerns the use of hard-coded passwords by default for forms and SQL connections. Recommendations: For versions 1.0.20.120 and older, update the...
Smart Forms < 2.6.92 - Missing Authorization to Notice Dismissal
Description The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednaosmartformsdontshowagain function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
WordPress MailerLite – Signup forms (official) plugin <= 1.7.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin MailerLite versions <= 1.7.6...
WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)
Software: MailerLite – Signup forms; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1386; Patch priority: Low; CVSS severity: Low 6.5; PSID: cf12af72ac5b; Credits: Richard Tellen...
WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control
Software: MailerLite – Signup forms; Type: Plugin; Vulnerable versions: <= 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2797; Patch priority: Low; CVSS severity: Low 5.3; PSID: d779eba11e1c; Credits: Krzysztof Zając...
PT-2024-4456 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to insufficient protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary code. A stored Cross-Site Scripting...
CVE-2024-4310
HubBank 1.0.2 is affected by a Cross-site Scripting (XSS) vulnerability in registration and profile forms due to insufficient input filtering/escaping. An attacker can deliver a crafted JavaScript payload that executes when an authenticated user loads the page, enabling session takeover. Affected...
WordPress Smart Forms plugin < 2.6.96 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Smart Forms versions < 2.6.96...
CVE-2024-33593
Missing Authorization vulnerability in RedNao Smart Forms. This issue affects Smart Forms: from n/a through 2.6.91...
CVE-2024-33593
CVE-2024-33593: Missing Authorization vulnerability in RedNao Smart Forms affecting Smart Forms up to version 2.6.91. Connected Red Hat entry confirms the issue description; no publicly documented exploitation details, impact specifics, or remediation in the provided documents. The known issue is...
CVE-2024-33593 WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability
Missing Authorization vulnerability in RedNao Smart Forms. This issue affects Smart Forms: from n/a through 2.6.91...