8200 matches found
WordPress Payment Forms for Paystack Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Software Payment Forms for Paystack Type Plugin Vulnerable versions = 3.4.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5665 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3391483ec0bd Credits István Márton...
CVE-2024-24771
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...
CVE-2024-24771
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...
Design/Logic Flaw
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...
CVE-2024-24771
Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...
CVE-2024-24771 Open Forms potential multi-factor authentication bypass
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...
CVE-2024-24771 Open Forms potential multi-factor authentication bypass
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...
CVE-2024-24771 Open Forms potential multi-factor authentication bypass
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials username + password compromised could potentially have the second-factor authentication...
PT-2024-20549 · Unknown · Open Forms
Name of the Vulnerable Software and Affected Versions: Open Forms versions prior to 2.2.9 Open Forms versions prior to 2.3.7 Open Forms versions prior to 2.4.5 Open Forms versions prior to 2.5.2 Description: Open Forms allows users to create and publish smart forms. The software contains a...
Open Forms Security Vulnerability
Open Forms is Open Formulieren open source an intelligent dynamic form . Used to quickly create a powerful and intelligent forms exposed through the API . A security vulnerability exists in Open Forms versions prior to 2.2.8, 2.3.6, 2.4.4, 2.5.1, which stems from an authentication bypass...
WordPress Advanced Forms Plugin <= 1.9.3.2 is vulnerable to Broken Access Control
Software Advanced Forms Type Plugin Vulnerable versions = 1.9.3.2 Fixed in 1.9.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1121 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5521bfbfd051 Credits Francesco Carlucci Required...
CVE-2024-1121
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
CVE-2024-0660
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...
CVE-2024-0660
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...
CVE-2024-0372
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
Cross site request forgery (csrf)
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...
CVE-2023-6953
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-0660
The CVE-2024-0660 entry concerns Formidable Forms for WordPress with CSRF in the update_settings path. Exact root cause: missing or incorrect nonce validation allows unauthenticated attackers to submit forged requests that alter form settings and inject malicious JavaScript, by prompting a site a...
CVE-2024-0660 Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...
CVE-2024-0660 Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...