8201 matches found
Input validation
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2023-6220 Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2023-6220 Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2023-6220
CVE-2023-6220 concerns the Piotnet Forms WordPress plugin (versions up to and including 1.0.26). The vulnerability arises from insufficient file type validation in the function piotnetforms_ajax_form_builder, allowing unauthenticated attackers to upload arbitrary files to the server, with potenti...
WordPress Plugin Piotnet Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-14900 · WordPress · Piotnet Forms
Name of the Vulnerable Software and Affected Versions: Piotnet Forms plugin for WordPress versions up to, and including, 1.0.26 Description: The issue is related to insufficient file type validation in the piotnetforms ajax form builder function, allowing unauthenticated attackers to upload...
WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)
Software Constant Contact Forms by MailMunch Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22137 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5a15405c8cf Credits Khalid Yusuf...
Formidable Forms < 6.7.1 - HTML Injection
Description The plugin is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is...
Formidable Forms < 6.7.1 - Admin+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6842
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...
CVE-2023-6842
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...
CVE-2023-6830
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected...
Input validation
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected...
CVE-2023-6842 Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...
CVE-2023-6842
The CVE-2023-6842 entry concerns Formidable Forms for WordPress, where Stored Cross-Site Scripting is possible via the name and description field labels in all versions up to 6.7. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attackers with administrator-l...
CVE-2023-6830 Formidable Forms <= 6.7 - HTML Injection
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected...
CVE-2023-6830
CVE-2023-6830 affects the WordPress plugin Formidable Forms (
WordPress Plugin Formidable Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Formidable Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Cross Site Scripting (XSS)
Software Formidable Forms Type Plugin Vulnerable versions = 6.7 Fixed in 6.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6842 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9bd3f7b9f18e Credits drop Required privilege...