8204 matches found
Open redirect
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...
CVE-2023-47779 WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...
CVE-2023-47779
CVE-2023-47779 describes an Open Redirect in the WordPress plugin Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms (up to version 1.1.4). Root cause is unvalidated redirect URL handling, enabling unauthenticated attackers to redirect users to a malicious site. ...
CVE-2023-35909
CVE-2023-35909 affects the Ninja Forms Contact Form (Ninja Forms) WordPress plugin, specifically versions up to 3.6.25. It is an Uncontrolled Resource Consumption vulnerability that can cause a Denial of Service (DoS) and is exploitable without authentication via large form submissions. CVSS v3.1...
WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control
Software: Smart Forms; Type: Plugin; Vulnerable versions: <= 2.6.84; Fixed in: 2.6.85; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49856; Patch priority: High; CVSS severity: High 8.1; PSID: 636ea1edcfea; Credits: Abdi Pranata; Required privile...
WordPress Plugin Ninja Forms Contact Form Resource Management Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Optin Forms Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Optin Forms; Type: Plugin; Vulnerable versions: <= 1.3.6; Fixed in: 1.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49841; Patch priority: Low; CVSS severity: Low 5.9; PSID: 11e6af66fb2d; Credits: DoYeon Park (p6rkdoye0n); Required privilege...
CVE-2023-48278
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...
CVE-2023-45609
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS. This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...
CVE-2023-48278
CVE-2023-48278 affects the WP Forms Puzzle Captcha WordPress plugin (versions 4.1 when available; if not yet patched, consider disabling the plugin until a patch is released.
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...
CVE-2023-47645
CVE-2023-47645 concerns the RegistrationMagic WordPress plugin. A CSRF vulnerability affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with exposure noted for versions n/a through 5.2.2.6. Public references document the vulnerability and list a pat...
Microweber file upload vulnerability
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...
GHSA-2C7X-W3MX-H7P6 Microweber file upload vulnerability
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...
CVE-2023-49052
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...
Unrestricted file upload
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...