Lucene search

8200 matches found

CVE
added 2024/02/05 9:21 p.m. · 51 views

CVE-2023-6953

CVE-2023-6953: The PDF Generator For Fluent Forms – The Contact Form Plugin (WordPress) is vulnerable to Stored XSS via header, PDF body, and footer content in all versions up to 1.1.7 due to insufficient input sanitization and output escaping. Affected versions are

CVSS 5.4 · AI score 5.7 · EPSS 0.00393
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/02/05 9:21 p.m. · 31 views

CVE-2023-6953 PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting

The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...

CVSS 4.9 · AI score 5.3 · EPSS 0.00393
Exploits: 0 · References: 2
CVE
added 2024/02/05 9:21 p.m. · 54 views

CVE-2024-1121

CVE-2024-1121 concerns the WordPress plugin Advanced Forms for ACF. The issue is a missing capability check in the function export_json_file(), affecting all versions up to and including 1.9.3.2, enabling unauthenticated attackers to export form settings (unauthorized data access). Public source...

CVSS 5.3 · AI score 6 · EPSS 0.00562
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/02/05 4:57 a.m. · 14 views

MAL-2024-964 Malicious code in ngpd-merceros-dynamic-forms-fe-components (npm)

Source: ghsa-malware a63c636557949e167ac4cca437135be8c3160f70856ee5911c1817ba2c3f76a9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2024/02/05 4:57 a.m. · 5 views

Malicious code in ngpd-merceros-dynamic-forms-fe-components (npm)

Source: ghsa-malware a63c636557949e167ac4cca437135be8c3160f70856ee5911c1817ba2c3f76a9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
Positive Technologies
added 2024/02/05 12:0 a.m. · 4 views

PT-2024-15727 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.7.2 Description: The issue is due to missing or incorrect nonce validation on the update...

CVSS 6.1 · AI score 5.3 · EPSS 0.00212
Exploits: 0 · References: 7
CNNVD
added 2024/02/05 12:0 a.m. · 4 views

WordPress plugin PDF Generator For Fluent Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. WordPress plugin PDF Generator Fo...

CVSS 5.4 · AI score 6 · EPSS 0.00393
Exploits: 0 · References: 3
CNNVD
added 2024/02/05 12:0 a.m. · 4 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...

CVSS 6.1 · AI score 6.7 · EPSS 0.00212
Exploits: 0 · References: 3
CNNVD
added 2024/02/05 12:0 a.m. · 4 views

WordPress plugin Advanced Forms for ACF security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.3 · AI score 6.5 · EPSS 0.00562
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-16827 · WordPress · Advanced Forms For Acf

Name of the Vulnerable Software and Affected Versions: Advanced Forms for ACF plugin for WordPress versions prior to 1.9.3.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the export json file function. This allows unauthenticated attackers t...

CVSS 5.3 · AI score 6 · EPSS 0.00562
Exploits: 0 · References: 6
OSV
added 2024/02/02 5:15 a.m. · 2 views

CVE-2024-0685

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS 9.8 · AI score 7.3 · EPSS 0.00778
Exploits: 0 · References: 3
NVD
added 2024/02/02 5:15 a.m. · 23 views

CVE-2024-0685

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS 9.8 · AI score 7.1 · EPSS 0.00778
Exploits: 0 · References: 3
CVE
added 2024/02/02 4:32 a.m. · 74 views

CVE-2024-0685

CVE-2024-0685 (Ninja Forms) affects the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin. Reported as a Second Order SQL Injection via the email field used in forms, in all versions up to and including 3.7.1. Root cause: insufficient escaping of the user-supplied ema...

CVSS 9.8 · AI score 9.7 · EPSS 0.00778
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/02/02 4:32 a.m. · 13 views

CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS 5.9 · AI score 7.3 · EPSS 0.00778
Exploits: 0 · References: 3
Cvelist
added 2024/02/02 4:32 a.m. · 27 views

CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS 5.9 · AI score 9.9 · EPSS 0.00778
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/02 12:0 a.m. · 4 views

PT-2024-15228 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: Smart Forms WordPress plugin versions prior to 2.6.87 Description: The issue concerns a lack of authorization in various AJAX actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions lik...

CVSS 6.1 · AI score 7.1 · EPSS 0.00217
Exploits: 2 · References: 8
WPVulnDB
added 2024/02/02 12:0 a.m. · 18 views

Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection

Description: The plugin is vulnerable to Second Order SQL Injection via the email address value submitted through forms due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

CVSS 7.5 · AI score 8 · EPSS 0.00778
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/02/02 12:0 a.m. · 16 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description: The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

AI score 6.5 · EPSS 0.00217
Exploits: 2 · Affected Software: 1
CNNVD
added 2024/02/02 12:0 a.m. · 3 views

WordPress plugin Ninja Forms Contact Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 9.8 · AI score 7.7 · EPSS 0.00778
Exploits: 0 · References: 3
wpexploit
added 2024/02/02 12:0 a.m. · 159 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description: The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

AI score 6.7 · EPSS 0.00217
Exploits: 2