Lucene search

8204 matches found

Prion
added 2023/12/26 7:15 p.m., 26 views

Cross site scripting

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.3 CVSS, 5.8 AI score, 0.00379 EPSS
Exploits: 2, References: 1, Affected Software: 1

CVE
added 2023/12/26 6:33 p.m., 54 views

CVE-2023-5980

CVE-2023-5980 affects the BSK Forms Blacklist WordPress plugin,

4.8 CVSS, 4.8 AI score, 0.00379 EPSS
Exploits: 2, References: 1, Affected Software: 1

Vulnrichment
added 2023/12/26 6:33 p.m., 8 views

CVE-2023-5980 BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.7 AI score, 0.00379 EPSS
Exploits: 2, References: 1

Patchstack
added 2023/12/26 12:00 a.m., 19 views

WordPress Everest Forms Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software: Everest Forms; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-51377; Patch priority: Low; CVSS severity: Low 5.3; PSID: 8b5448fc86fc; Credits: Revan Arifio; Required privile...

5.3 CVSS, 6.6 AI score, 0.00313 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2023/12/26 12:00 a.m., 4 views

WordPress plugin BSK Forms Blacklist security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

4.8 CVSS, 6.4 AI score, 0.00379 EPSS
Exploits: 2, References: 2

Patchstack
added 2023/12/26 12:00 a.m., 12 views

WordPress Zoho Forms Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Zoho Forms; Type: Plugin; Vulnerable versions: <= 3.0.1; Fixed in: 3.0.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50891; Patch priority: Low; CVSS severity: Low 6.5; PSID: 412ed0f37a8a; Credits: Khalid Yusuf; Required privilege: Contributor...

6.5 CVSS, 6.6 AI score, 0.01076 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/12/26 12:00 a.m., 10 views

WordPress Block IPs for Gravity Forms Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Block IPs for Gravity Forms; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: 1.0.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51358; Patch priority: Low; CVSS severity: Low 5.4; PSID: 53836d95b664; Credits: Nguyen...

8.8 CVSS, 6.7 AI score, 0.00216 EPSS
Exploits: 0, References: 2, Affected Software: 1

Openbugbounty
added 2023/12/25 11:53 a.m., 14 views

ontariocourtforms.on.ca Cross Site Scripting vulnerability OBB-3822918

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Patchstack
added 2023/12/21 12:00 a.m., 12 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Software: NEX-Forms – Ultimate Form Builder; Type: Plugin; Vulnerable versions: <= 8.5.5; Fixed in: 8.5.6; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50838; Patch priority: Low; CVSS severity: Low 7.6; PSID: 3121cd44ed44; Credits: Khalid Yusuf; Required privilege...

7.6 CVSS, 6.8 AI score, 0.00574 EPSS
Exploits: 0, References: 2, Affected Software: 1

WPVulnDB
added 2023/12/21 12:00 a.m., 13 views

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example, in multisite setup. PoC: 1. Store the script in...

4.8 CVSS, 5.4 AI score, 0.00402 EPSS
Exploits: 2

BDU FSTEC
added 2023/12/21 12:00 a.m., 7 views

The vulnerability of the CRM Perks Forms plugin of the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the CRM Perks Forms plugin of the WordPress content management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

6.4 CVSS, 6.3 AI score, 0.0081 EPSS
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/12/21 12:00 a.m., 12 views

WordPress HTML Forms Plugin <= 1.3.29 is vulnerable to Cross Site Scripting (XSS)

Software: HTML Forms; Type: Plugin; Vulnerable versions: <= 1.3.29; Fixed in: 1.3.30; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50836; Patch priority: Low; CVSS severity: Low 5.9; PSID: 00ea95b31058; Credits: Huynh Tien Si; Required privilege...

5.9 CVSS, 6.5 AI score, 0.00336 EPSS
Exploits: 0, References: 2, Affected Software: 1

wpexploit
added 2023/12/21 12:00 a.m., 130 views

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...

4.8 CVSS, 5.6 AI score, 0.00402 EPSS
Exploits: 2

OSV
added 2023/12/20 5:15 p.m., 3 views

CVE-2023-30872

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

6.5 CVSS, 7.3 AI score, 0.00627 EPSS
Exploits: 0, References: 1

NVD
added 2023/12/20 5:15 p.m., 20 views

CVE-2023-30872

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

7.6 CVSS, 0.00627 EPSS
Exploits: 0, References: 1

Prion
added 2023/12/20 5:15 p.m., 14 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

4.7 CVSS, 7.9 AI score, 0.00627 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/12/20 5:03 p.m., 10 views

CVE-2023-30872 WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

7.6 CVSS, 7.9 AI score, 0.00627 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/12/20 5:03 p.m., 25 views

CVE-2023-30872 WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist. This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

7.6 CVSS, 8.1 AI score, 0.00627 EPSS
Exploits: 0, References: 1

CVE
added 2023/12/20 5:03 p.m., 40 views

CVE-2023-30872

CVE-2023-30872 : The WordPress plugin BSK Forms Blacklist (versions

7.6 CVSS, 7.5 AI score, 0.00627 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/12/20 3:15 p.m., 5 views

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3...

9.8 CVSS, 7.3 AI score
Exploits: 0, References: 1