Zoho Forms < 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
NEX-Forms – Ultimate Form Builder < 8.5.5 - Cross-Site Request Forgery
Description: The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an...
CRM Perks Forms < 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The CRM Perks Forms – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the label field. This makes it possible for...
PT-2024-14417 · Unknown · Basix Nex-Forms
Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more, versions n/a through 8.5.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into...
WordPress Keap Official Opt-in Forms Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Keap Official Opt-in Forms; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52192; Patch priority: Low; CVSS severity: Low 6.5; PSID: 43abbc32aaec; Credits: Ngô Thiên An ancorn from...
MC4WP < 4.9.10 - Unauthenticated Unpublished Form Preview
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the 'listen' function, allowing unauthenticated attackers to preview unpublished forms...
WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure
Software: Constant Contact Forms; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-52208; Patch priority: Low; CVSS severity: Low 5.3; PSID: 93880a901c0f; Credits...
Piotnet Forms < 1.0.30 - Missing Authorization via multiple AJAX actions
Description: The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX functions, allowing unauthenticated attackers to save draft posts and download arbitrary JSON files from the server...
CVE-2023-51412
Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25...
CVE-2023-51412
CVE-2023-51412 affects Piotnet Forms (WordPress) up to version 1.0.25. The vulnerability is an unauthenticated, unrestricted upload of files with dangerous types (Unauthenticated Arbitrary File Upload). Patch status is Unpatched in the provided sources; no fix version is stated. The CVSS data ind...
CVE-2023-51358
Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1...
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1...
CVE-2023-51358
CVE-2023-51358 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Block IPs for Gravity Forms. Public records indicate it affects the Gravity Forms Block IPs feature up to version 1.0.1, with patches applying in newer releases. The connected documents do not provide ex...
CVE-2023-51358 WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1...