CVE-2023-50891

CVE-2023-50891 affects the WordPress Form plugin Zoho Forms (Zoho Forms) for WordPress, up to version 3.0.1. The issue arises from improper input neutralization during web page generation, enabling Stored Cross-Site Scripting (XSS) via shortcode, exploitable by authenticated users (Contributor+)....

CVE-2023-50891 WordPress Zoho Forms Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1...

CVE-2023-31095

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...

CVE-2023-31095

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...

CVE-2023-32517 WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3...

CVE-2023-31095

CVE-2023-31095 details an Open Redirect in the WordPress plugin Integration for Contact Form 7 HubSpot (cf7-hubspot). Affected versions are

Local File Inclusion

Winter CMS is vulnerable to Local File Inclusion. The vulnerability is due to improper user input validation within the ColorPicker FormWidget. This issue can be exploited by an attacker with access to the backend forms by including a malicious custom stylesheets via LESS in the ColorPicker...

PT-2023-23151 · Unknown +2 · Contact Form 7 +4

Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms versions 1.2.8 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...

WordPress Plugin Piotnet Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

PT-2023-31789 · Unknown · Bright Plugins Block Ips For Gravity Forms

Name of the Vulnerable Software and Affected Versions: Bright Plugins Block IPs for Gravity Forms versions 1.0.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed. This can be exploited by tricking a user into...

WordPress Plugin Block IPs for Gravity Forms Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

PT-2023-31705 · Zoho · Zoho Forms Form Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Zoho Forms Form plugin for WordPress versions through 3.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS, which affects the Zoho...

WordPress Plugin Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Integration for...

CVE-2023-50838

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

CVE-2023-50838

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

CVE-2023-50838 WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

CVE-2023-50838

CVE-2023-50838 corresponds to an SQL Injection vulnerability in NEX-Forms – Ultimate Form Builder for WordPress. The issue affects the NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin, up to version 8.5.5. According to sources, this was an authenticated issue requiring at le...

CVE-2023-50846

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration,...