WordPress Smart Forms plugin < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control vulnerability

Subscriber+ Edit Entries via Broken Access Control vulnerability discovered by Amir Hossein Fallahi in WordPress Plugin Smart Forms versions 2.6.94...

WordPress Smart Forms plugin < 2.6.94 - Edit Entries via CSRF vulnerability

Edit Entries via CSRF vulnerability discovered by Amir Hossein Fallahi in WordPress Plugin Smart Forms versions 2.6.94...

WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Cost Estimation & Payment Forms Builder versions = 10.1.75...

WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Cost Estimation & Payment Forms Builder versions = 10.1.76...

CVE-2024-31378

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1...

CVE-2024-31378

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1...

CVE-2024-31378

CVE-2024-31378 is a Cross-Site Request Forgery (CSRF) vulnerability reported in MailMunch MailChimp Forms by MailMunch. Public details in connected docs indicate the affected product is MailChimp Forms by MailMunch and the issue covers versions up to 3.2.1. No exploit, root-cause, impact, or patc...

CVE-2024-31378 WordPress MailChimp Forms by MailMunch plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1...

CVE-2024-32134

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...

CVE-2024-32134

CVE-2024-32134 is an Authenticated (Administrator+) SQL Injection in the WordPress plugin Forms to Zapier/Integromat/IFTTT/Workato/Automate.io/elastic.io/Built.io/APIANT/Webhook, affecting versions up to 1.1.12. Root cause is improper neutralization of input used in SQL commands. Public exploitat...

CVE-2024-1306

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

CVE-2024-1306

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

CVE-2024-1307

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

CVE-2024-1307

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...