CVE-2024-1130 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVE-2024-1130

The CVE CVE-2024-1130 concerns the WordPress plugin NEX-Forms – Ultimate Form Builder. A missing capability check in the set_read() function allowed authenticated users with subscriber+ access to mark records as read, affecting all versions up to 8.5.6. Publicly disclosed remediation indicates th...

CVE-2024-1129 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setstarred function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVE-2024-0907

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVE-2024-0907

CVE-2024-0907 affects the WordPress plugin NEX-Forms – Ultimate Form Builder (restore_records() function). Root cause: missing capability check allows unauthorized access to restore records. Affected versions: all up to and including 8.5.6 (per CVE entry). Impact: authenticated users with subscri...

CVE-2024-1129

CVE-2024-1129 concerns NEX-Forms – Ultimate Form Builder for WordPress. The vulnerability is due to a missing capability check in set_starred() across all versions up to 8.5.6, allowing authenticated subscribers+ to mark records as starred. Connected sources indicate a patch in version 8.5.7 (and...

CVE-2024-1129 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setstarred function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVE-2024-0907 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records()

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

PT-2024-16894 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.5.6 Description: The issue is related to unauthorized access due to a missing capability check on the set read function. Thi...

PT-2024-14459 · Keap · Keap Official Opt-In Forms

Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms versions 1.0.11 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...

PT-2024-14250 · Unknown · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! versions n/a through 2.0.4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-sit...

WordPress plugin Everest Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin Keap Official Opt-in Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress plugin CRM Perks Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Ninja Forms Plugin <= 3.7.1 is vulnerable to SQL Injection

Software Ninja Forms Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-0685 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 31275f8ebaee Credits stealthcopter Required privilege Unauthenticated...

PT-2024-15748 · WordPress · The Ninja Forms Contact Form – The Drag/Drop Form Builder For Wordpress

Name of the Vulnerable Software and Affected Versions: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress versions up to, and including, 3.7.1 Description: The issue is related to Second Order SQL Injection via the email address value submitted throug...

PT-2024-16885 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.5.6 Description: The issue is related to unauthorized access due to a missing capability check on the set starred function...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.6 is vulnerable to Broken Access Control

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.6 Fixed in 8.5.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1130 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f9684d11e16a Credits Francesco...

PT-2024-14189 · WordPress · Crm Perks Forms – Wordpress Form Builder

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms – WordPress Form Builder versions 1.1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that...

PT-2024-15911 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.5.6 Description: The issue is related to unauthorized access due to a missing capability check on the restore records...