CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Cross Site Request Forgery (CSRF)

Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1306 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b8231f973f18 Credits Amir Hossein Fallahi...

WordPress Plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

WordPress Jotform Online Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Jotform Online Forms Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32527 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6eac99777a8f Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions 2.6.94 Fixed in 2.6.94 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1307 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 966287948243 Credits Amir Hossein Fallahi Required...

WordPress Plugin Smart Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to Cross Site Scripting (XSS)

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.75 Fixed in 10.1.76 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32510 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 052582e81e99 Credits...

WordPress Plugin MailChimp Forms by MailMunch 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin MailChimp Forms by MailMun...

PT-2024-24024 · Mailmunch · Mailchimp Forms By Mailmunch

Name of the Vulnerable Software and Affected Versions: MailChimp Forms by MailMunch versions 3.2.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.76 is vulnerable to Broken Access Control

Software WP Cost Estimation & Payment Forms Builder Type Plugin Vulnerable versions = 10.1.76 Fixed in 10.1.77 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32509 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4f90762b9976...

PT-2024-17910 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.94 Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as...

PT-2024-17914 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: The Smart Forms WordPress plugin versions prior to 2.6.94 Description: The issue is related to improper authorization in some actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions...

WordPress Forms to Zapier plugin <= 1.1.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook versions = 1.1.12...

WordPress Payment Forms for Paystack Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Payment Forms for Paystack Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32130 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bdaaf2a9d240 Credits Ngô Thiên An ancorn from...

WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin <= 1.1.12 is vulnerable to SQL Injection

Software Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Type Plugin Vulnerable versions = 1.1.12 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32134 Patch priority Low CVSS severity Low 7.6 Developer Claim...

CVE-2024-25572

Cross-site request forgery CSRF vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed...

CVE-2024-26019

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-26019

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...