
8203 matches found

Vulnrichment
added 2024/01/16 3:51 p.m. · 4 views

CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

AI score: 6.2 · EPSS: 0.00313
Exploits: 2 · References: 2
Cvelist
added 2024/01/16 3:51 p.m. · 26 views

CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

AI score: 6.4 · EPSS: 0.00313
Exploits: 2 · References: 2
CVE
added 2024/01/16 3:51 p.m. · 56 views

CVE-2022-0402

CVE-2022-0402 affects the WordPress plugin Super Forms – Drag & Drop Form Builder prior to 6.0.4. The vulnerability arises because the parameter named in the description (bob_czy_panstwa_sprawa_zostala_rozwiazana) is not escaped before being echoed back in an attribute via the super_language_swit...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00313
Exploits: 2 · References: 2 · Affected Software: 1
CNNVD
added 2024/01/16 12:00 a.m. · 7 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00702
Exploits: 2 · References: 2
Positive Technologies
added 2024/01/16 12:00 a.m. · 5 views

PT-2024-11503 · WordPress · The Super Forms - Drag & Drop Form Builder

Name of the Vulnerable Software and Affected Versions: The Super Forms - Drag & Drop Form Builder WordPress plugin versions prior to 6.0.4
Description: The issue is related to a Reflected Cross-Site Scripting problem. The bob_czy_panstwa_sprawa_zostala_rozwiazana parameter is not properly escaped...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00313
Exploits: 2 · References: 7
CNNVD
added 2024/01/16 12:00 a.m. · 5 views

WordPress plugin Super Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00313
Exploits: 2 · References: 3
OSV
added 2024/01/15 4:15 p.m. · 6 views

CVE-2023-6941

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example, in multisite set...

CVSS: 4.8 · AI score: 5.8 · EPSS: 0.00402
Exploits: 2 · References: 1
Prion
added 2024/01/15 4:15 p.m. · 24 views

Cross site scripting

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example, in multisite set...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00402
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2024/01/15 3:10 p.m. · 34 views

CVE-2023-4925 Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

AI score: 5 · EPSS: 0.00402
Exploits: 2 · References: 1
CVE
added 2024/01/15 3:10 p.m. · 48 views

CVE-2023-6941

The CVE concerns the Keap Official Opt-in Forms WordPress plugin, affected versions 1.0.11 and earlier. The vulnerability is Admin+ Stored XSS caused by insufficient sanitisation/escaping of settings (e.g., Opt in title, message, success text), which can execute scripts in the context of high-pri...

CVSS: 4.8 · AI score: 4.7 · EPSS: 0.00402
Exploits: 2 · References: 1 · Affected Software: 1
CNNVD
added 2024/01/15 12:00 a.m. · 5 views

WordPress Plugin Easy Forms for Mailchimp Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 4.8 · AI score: 6 · EPSS: 0.00402
Exploits: 2 · References: 2
Positive Technologies
added 2024/01/15 12:00 a.m. · 4 views

PT-2024-13708 · WordPress · Easy Forms For Mailchimp

Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions 6.8.10 and earlier
Description: The issue concerns the lack of proper sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as administrators,...

CVSS: 4.8 · AI score: 4.7 · EPSS: 0.00402
Exploits: 2 · References: 6
Positive Technologies
added 2024/01/15 12:00 a.m. · 4 views

PT-2024-15133 · WordPress · Keap Official Opt-In Forms

Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms WordPress plugin versions 1.0.11 and earlier
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some...

CVSS: 4.8 · AI score: 4.6 · EPSS: 0.00402
Exploits: 2 · References: 5
OSV
added 2024/01/13 12:15 a.m. · 2 views

CVE-2024-22137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS: 5.4 · AI score: 5.8
Exploits: 0 · References: 1
NVD
added 2024/01/13 12:15 a.m. · 11 views

CVE-2024-22137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00317
Exploits: 0 · References: 1
Prion
added 2024/01/13 12:15 a.m. · 12 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS: 4.9 · AI score: 6.9 · EPSS: 0.00317
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/01/13 12:00 a.m. · 5 views

WordPress Plugin MailMunch Constant Contact Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS: 6.5 · AI score: 5.7 · EPSS: 0.00317
Exploits: 0 · References: 2
CVE
added 2024/01/12 11:20 p.m. · 51 views

CVE-2024-22137

CVE-2024-22137 affects Constant Contact Forms by MailMunch (WordPress plugin)

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00317
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/01/12 11:20 p.m. · 24 views

CVE-2024-22137 WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.00317
Exploits: 0 · References: 1
WPVulnDB
added 2024/01/12 12:00 a.m. · 10 views

Constant Contact Forms < 2.4.3 - Information Disclosure via Log Files

Description: The Constant Contact Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to extract sensitive data from log files...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.00443
Exploits: 0 · References: 1 · Affected Software: 1