Lucene search

8195 matches found

WPVulnDB
added 2024/04/08 12:0 a.m. · 15 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: 1. Add a new form or edit an...

AI score: 5.5 | EPSS: 0.0047
Exploits: 2 | Affected Software: 1

Japan Vulnerability Notes
added 2024/04/08 12:0 a.m. · 34 views

JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, Base Score 4.3, CVE-2024-25572. Stored cross-site scripting in submit processing (CWE-79)...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00532
Exploits: 0

wpexploit
added 2024/04/08 12:0 a.m. · 132 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. Add a new form or edit an existing...

AI score: 5.7 | EPSS: 0.0047
Exploits: 2

Patchstack
added 2024/04/05 12:0 a.m. · 9 views

WordPress Formsite | Embed online forms to collect orders, registrations, leads, and surveys Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software: Formsite | Embed online forms to collect orders, registrations, leads, and surveys; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-31257; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.0032
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2024/04/04 12:0 a.m. · 24 views

CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) SQL Injection

Description: The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00577
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/04/04 12:0 a.m. · 5 views

PT-2024-21091 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below. Description: The issue is a cross-site request forgery vulnerability that may allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted...

CVSS: 5.4 | AI score: 7.1 | EPSS: 0.00214
Exploits: 0 | References: 6

WPVulnDB
added 2024/04/04 12:0 a.m. · 19 views

CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00336
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/04 12:0 a.m. · 18 views

CRM Perks Forms < 1.1.5 - Unauthenticated SQL Injection

Description: The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacker...

CVSS: 10 | AI score: 7.5 | EPSS: 0.02267
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/03 12:0 a.m. · 12 views

Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description: The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00342
Exploits: 0 | References: 1

WPVulnDB
added 2024/04/01 12:0 a.m. · 15 views

MailChimp Forms by MailMunch < 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00357
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/03/31 8:15 p.m. · 13 views

CVE-2024-30549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cimatti Contact Forms by Cimatti contact-forms. This issue affects Contact Forms by Cimatti: from n/a through = 1.8.0...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00342
Exploits: 0 | References: 2

OSV
added 2024/03/31 8:15 p.m. · 4 views

CVE-2024-30549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.8.0...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00342
Exploits: 0 | References: 1

CVE
added 2024/03/31 7:59 p.m. · 70 views

CVE-2024-30549

CVE-2024-30549 is a stored XSS in Cimatti Contact Forms (WordPress plugin) up to version 1.8.0, caused by improper neutralization of input during web page generation. The Red Hat advisory restates the vulnerability description, confirming the issue exists in Cimatti Contact Forms. Public exploit...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00342
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/03/31 7:59 p.m. · 9 views

CVE-2024-30549 WordPress Contact Forms by Cimatti plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cimatti Contact Forms by Cimatti contact-forms. This issue affects Contact Forms by Cimatti: from n/a through = 1.8.0...

CVSS: 5.9 | AI score: 8.6 | EPSS: 0.00342
Exploits: 0 | References: 1

Cvelist
added 2024/03/31 7:59 p.m. · 23 views

CVE-2024-30549 WordPress Contact Forms by Cimatti plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cimatti Contact Forms by Cimatti contact-forms. This issue affects Contact Forms by Cimatti: from n/a through = 1.8.0...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00342
Exploits: 0 | References: 1

NVD
added 2024/03/31 7:15 p.m. · 9 views

CVE-2024-30489

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

CVSS: 8.5 | AI score: 8.9 | EPSS: 0.00488
Exploits: 0 | References: 1

CVE
added 2024/03/31 6:18 p.m. · 52 views

CVE-2024-30489

CVE-2024-30489 affects WP Cost Estimation & Payment Forms Builder for WordPress. Root cause: improper neutralization of SQL elements in a query, enabling SQL injection. Affected versions are up to 10.1.75 (n/a–10.1.75). CVSS v3.1 base score 8.5 (HIGH) with Attack Vector: Network, Attack Complexit...

CVSS: 8.5 | AI score: 8.9 | EPSS: 0.00488
Exploits: 0 | References: 1

Cvelist
added 2024/03/31 6:18 p.m. · 20 views

CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

CVSS: 8.5 | AI score: 9 | EPSS: 0.00488
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/31 6:18 p.m. · 18 views

CVE-2024-30489 WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.75 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

CVSS: 8.5 | AI score: 7.6 | EPSS: 0.00488
Exploits: 0 | References: 1

Positive Technologies
added 2024/03/31 12:0 a.m. · 3 views

PT-2024-23415 · WordPress · Loopus Wp Cost Estimation & Payment Forms Builder

Name of the Vulnerable Software and Affected Versions: WP Cost Estimation & Payment Forms Builder versions through 10.1.75. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential...

CVSS: 8.5 | AI score: 9.7 | EPSS: 0.00488
Exploits: 0 | References: 3