CVE-2024-2108

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-2113

CVE-2024-2113 affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress up to version 3.8.0. The vulnerability arises from missing or incorrect nonce validation on the nf_download_all_subs AJAX action, enabling unauthenticated attackers to trigger exporting a form’s submissi...

CVE-2024-2113 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nfdownloadallsubs AJAX action. This makes it possib...

CVE-2024-2113

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nfdownloadallsubs AJAX action. This makes it possib...

PT-2024-20262 · WordPress · Masterstudy Lms

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.1 Description: The issue is due to insufficient validation checks within the register user function called by the 'wp ajax nopriv stm lms register' AJAX action. This allo...

MasterStudy LMS < 3.3.2 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to Privilege Escalation due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges...

PT-2024-23374 · Crm Perks · Crm Perks Forms

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject...

WordPress Contact Forms by Cimatti Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.8.0 Fixed in 1.9.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30549 Patch priority Low CVSS severity Low 5.9 Developer Cimatti Consulting PSID 4e21af5dfa9c Credits Joel Indra Required...

WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2113 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0a9480169593 Credits Tobias Weißhaar kun19...

WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2108 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4832fe1e0bfc Credits Tim Coen Required privilege...

WordPress Plugin Ninja Forms Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin CRM Perks Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

Ninja Forms Contact Form < 3.8.1 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages...

PT-2024-23425 · Unknown · Crm Perks Forms

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

WordPress Plugin Ninja Forms Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin CRM Perks Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-23424

Name of the Vulnerable Software and Affected Versions CRM Perks Forms versions 1.1.4 and earlier Description The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

WordPress Plugin CRM Perks Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

Ninja Forms Contact Form < 3.8.1 - Publicly Accessible Form Submission Export via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery This is due to missing or incorrect nonce validation on the nfdownloadallsubs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form's submission to a publicly accessible location via a...

WordPress CRM Perks Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30446 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7cd056009948 Credits LVT-tholv2k Required privilege...