
8194 matches found

Cvelist
added 2024/04/09 6:59 p.m., 25 views

CVE-2024-1812 Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...

CVSS 7.2 · AI score 7 · EPSS 0.00536
Exploits 1 · References 2
Vulnrichment
added 2024/04/09 6:59 p.m., 16 views

CVE-2024-1812 Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...

CVSS 7.2 · AI score 7.3 · EPSS 0.00536
Exploits 1 · References 2
Vulnrichment
added 2024/04/09 6:59 p.m., 20 views

CVE-2024-2340 Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

CVSS 5.3 · AI score 7.2 · EPSS 0.27997
Exploits 1 · References 2
NVD
added 2024/04/09 2:15 p.m., 18 views

CVE-2024-28191

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a...

CVSS 5.4 · AI score 3.6 · EPSS 0.00497
Exploits 0 · References 4
Vulnrichment
added 2024/04/09 1:54 p.m., 23 views

CVE-2024-28191 Contao may have unencoded insert tags in the frontend

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a...

CVSS 3.1 · AI score 6.9 · EPSS 0.00497
Exploits 0 · References 4
CVE
added 2024/04/09 1:54 p.m., 68 views

CVE-2024-28191

CVE-2024-28191 (Contao) concerns the Contao CMS. The issue allows injection of insert tags in frontend forms when the submitted data is output on the page in a very specific way, due to insufficient validation in the form generator. Affected versions include Contao 4.x up to 4.13.39 and Contao 5....

CVSS 5.4 · AI score 3.5 · EPSS 0.00497
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/04/09 1:54 p.m., 17 views

CVE-2024-28191 Contao may have unencoded insert tags in the frontend

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a...

CVSS 3.1 · AI score 5.3 · EPSS 0.00497
Exploits 0 · References 6
CVE
added 2024/04/09 1:48 p.m., 62 views

CVE-2024-28190

Contao core/file management is vulnerable to Cross-Site Scripting via filenames during file upload. In Contao 4.x and 5.x, versions prior to 4.13.40 and 5.3.4 allow attackers to inject malicious code in uploaded filenames, which is then executed in backend tooltips and popups. Affected versions i...

CVSS 5.4 · AI score 5.4 · EPSS 0.00502
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/04/09 1:48 p.m., 19 views

CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...

CVSS 5.4 · AI score 5.6 · EPSS 0.00502
Exploits 0 · References 6
CNNVD
added 2024/04/09 12:00 a.m., 6 views

WordPress Plugin Everest Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

CVSS 7.2 · AI score 8.3 · EPSS 0.00536
Exploits 1 · References 3
Positive Technologies
added 2024/04/09 12:00 a.m., 13 views

PT-2024-19864 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6
Description: The issue allows unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. This is possible due to sensiti...

CVSS 5.3 · AI score 9.5 · EPSS 0.27997
Exploits 1 · References 6
Positive Technologies
added 2024/04/09 12:00 a.m., 6 views

PT-2024-18328 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms plugin for WordPress versions up to, and including, 2.0.7
Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and...

CVSS 7.2 · AI score 9.3 · EPSS 0.00536
Exploits 1 · References 8
CNNVD
added 2024/04/09 12:00 a.m., 5 views

Contao Security Vulnerability

Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from the ability t...

CVSS 5.4 · AI score 5.4 · EPSS 0.00497
Exploits 0 · References 5
Positive Technologies
added 2024/04/09 12:00 a.m., 4 views

PT-2024-2857 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier
Description: The issue exists due to inadequate protection of the web page structure. An attacker could exploit this to inject malicious scripts into vulnerable form fields, potentially...

CVSS 5.5 · AI score 6.8 · EPSS 0.00503
Exploits 0 · References 6
Positive Technologies
added 2024/04/09 12:00 a.m., 10 views

PT-2024-22325 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.13.39; Contao versions 5.0.0 through 5.3.3
Description: The issue allows injecting tags in frontend forms if the output is structured in a very specific way. It is possible to inject insert tags via the form...

CVSS 5.4 · AI score 7 · EPSS 0.00497
Exploits 0 · References 12
Japan Vulnerability Notes
added 2024/04/08 4:44 a.m., 5 views

Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

Overview: WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below.
- Cross-site request forgery (CWE-352) - CVE-2024-25572
- Stored cross-site scripting in submit processing (CWE-79) - CVE-2024-26019
- Stored cross-site scripting in custom fields for labels...

CVSS 8.8 · AI score 6.2 · EPSS 0.00532
Exploits 0 · References 8
CNNVD
added 2024/04/08 12:00 a.m., 5 views

WordPress plugin Ninja Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 · AI score 5.2 · EPSS 0.00454
Exploits 0 · References 5
CNNVD
added 2024/04/08 12:00 a.m., 6 views

WordPress Plugin Ninja Forms Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress Plugin...

CVSS 5.4 · AI score 5.2 · EPSS 0.00532
Exploits 0 · References 5
CNNVD
added 2024/04/08 12:00 a.m., 6 views

WordPress Plugin Ninja Forms Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress Plug...

CVSS 8.8 · AI score 5.6 · EPSS 0.00311
Exploits 0 · References 5
WPVulnDB
added 2024/04/08 12:00 a.m., 15 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
PoC: 1. Add a new form or edit an...

AI score 5.5 · EPSS 0.0047
Exploits 2 · Affected Software 1