WP User Frontend < 3.6.9 - Missing Authorization via AJAX actions
Description The WP User Frontend plugin for WordPress is vulnerable to unauthorized functionality use due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with...
Contact Form builder with drag & drop - Kali Forms < 2.3.29 - Missing Authorization via get_log
Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getlog function in versions up to, and including, 2.3.28. This makes it possible for authenticated attackers, with subscriber-level...
Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email
Description The Flo Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flosendtestemail function in versions up to, and including, 1.0.41. This makes it possible for authenticated attackers, with subscriber-level access and above...
Contact Form builder with drag & drop - Kali Forms < 2.3.28 - Missing Authorization via Contact Form
Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the runformprocesschecks function in versions up to, and including, 2.3.27. This makes it possible for unauthenticated attackers to...
Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect
Description The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation of a redirect URL. This makes it possible for unauthenticated...
Quill Forms < 3.4.0 - Cross-Site Request Forgery
Description The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.0. This is due to missing or...
CVE-2023-47816
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions...
GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets
Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...
WordPress Plugin Donation Forms by Charitable Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-30626 · Charitable · Charitable Donations & Fundraising Team Donation Forms
Name of the Vulnerable Software and Affected Versions: Charitable Donations & Fundraising Team Donation Forms by Charitable plugin versions <= 1.7.0.13 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting...
WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Bypass Vulnerability
Software WP Forms Puzzle Captcha Type Plugin Vulnerable versions <= 4.1 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2023-48276 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9254034af79f Credits qilin99 Required privilege...
WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Forms Puzzle Captcha Type Plugin Vulnerable versions <= 4.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2023-48278 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID fe5374d7289c Credits qilin99 Require...
Authentication flaw
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
PT-2023-30910 · Unknown · Statamic Cms
Name of the Vulnerable Software and Affected Versions: Statamic CMS versions prior to 3.4.15 and 4.36.0 Description: The issue allows HTML files crafted to look like images to be uploaded, bypassing mime validation. This is applicable on front-end forms using the "Forms" feature with an assets...
Oracle Linux 9 : skopeo (ELSA-2023-6363)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6363 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
Ubuntu: Security Advisory (USN-6480-1)
The remote host is missing an update for the...
dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms
A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package...