PT-2024-17471 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions prior to 2.3.42 Description: The Kali Forms plugin for WordPress is affected by an issue that allows unauthorized access and modification of data via API due to an inconsistent capability check on...

Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization

Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it...

Darktrace Threat Visualizer Security Vulnerability

Darktrace Threat Visualizer is a component of one of Darktrace's security solutions for visualizing network threats and anomalous behavior. A security vulnerability exists in Darktrace Threat Visualizer version 6.1.27 and earlier. An attacker exploited the vulnerability to conduct open redirects...

Easy Forms for Mailchimp <= 6.9.0 - Sensitive Information Exposure via logfile

Description The plugin stores its logs at a predictable path, making it easy for anyone to leak their content...

Sensitive Information Disclosure

typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to password hashes being inadvertently reflected in editing forms. An attacker can potentially crack plaintext passwords through brute force techniques...

NEX-Forms – Ultimate Form Builder < 8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 8.5.5 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-25119

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...

GHSA-38R2-5695-334W TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

Problem Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Solution Update to TYPO3 versions 8.7.57...

TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

Problem Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Solution Update to TYPO3 versions 8.7.57...

PT-2024-20759 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: The issue concern...

TYPO3 Information Disclosure Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. An information disclosure vulnerability exists in TYPO3 versions 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, and 13.0.0, which stems from the...

PT-2024-20760 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: The plaintext val...

WordPress Easy Forms for Mailchimp Plugin <= 6.9.0 is vulnerable to Sensitive Data Exposure

Software Easy Forms for Mailchimp Type Plugin Vulnerable versions = 6.9.0 Fixed in N/A OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-25095 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 268130a7347a Credits...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25593 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 87e47cb4335f Credits Ngô Thiên An ancorn...

CVE-2024-24819 icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...

CVE-2023-5665

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Cross site scripting

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-5665 Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Payment Forms for Paystack Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)

Software Payment Forms for Paystack Type Plugin Vulnerable versions = 3.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5665 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3391483ec0bd Credits István Márton...