CVE-2024-29220
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product...
CVE-2024-25572
A cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logged in, unintended operations may be performed...
CVE-2024-25572
CVE-2024-25572 affects Ninja Forms for WordPress prior to version 3.4.31. The issue is a CSRF vulnerability: if an administrator views a malicious page while logged in, unintended operations may be performed. Affected product/version: Ninja Forms before 3.4.31. Red Hat, NVD, JVN and related sourc...
CVE-2024-26019
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product...
CVE-2024-26019
CVE-2024-26019 affects Ninja Forms (WordPress) prior to 3.8.1, enabling a cross‑site scripting (XSS) vulnerability in submit processing. Exploitation could cause arbitrary JavaScript execution in the web browser of a user visiting the affected site. The root cause is insufficient input sanitizati...
CVE-2024-29220
CVE-2024-29220 affects Ninja Forms (WordPress) prior to 3.8.1. The issue is a cross-site scripting (XSS) vulnerability in the labels of custom fields, allowing an attacker to cause arbitrary script execution in a user’s browser when visiting a site using the product. Public references confirm the...
CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...
PT-2024-19542
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A Server Side Template Injection (SSTI) issue allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Recommendations: For Form Tools version 3.1.1,...
Tag Injection
contao/core-bundle is vulnerable to Tag Injection. The vulnerability is due to insufficient validation within SimpleTokenParser.php, allowing malicious users to inject tags via the form generator in frontend forms if the output is structured in a specific way...
WordPress MailChimp Forms by MailMunch plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Majed Refaea (Patchstack Alliance) in WordPress Plugin MailChimp Forms by MailMunch (versions <= 3.2.1)...
PT-2024-21013 · Unknown · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.4.31 Description: A cross-site request forgery (CSRF) issue exists, allowing unintended operations to be performed if a website administrator views a malicious page while logged in. Recommendations: For versions...
PT-2024-21279 · Unknown · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.1 Description: The issue is related to a cross-site scripting vulnerability in submit processing. If exploited, an arbitrary script may be executed on the web browser of the user accessing the website using t...
PT-2024-22818 · Unknown · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.1 Description: The issue is related to a cross-site scripting vulnerability in custom fields for labels. If exploited, an arbitrary script may be executed on the web browser of the user accessing the website...
CVE-2024-2340
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...
CVE-2024-1812
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...
CVE-2024-0598
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for...