PT-2023-23234 · Wpforms +1 · Wpforms +2

Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms versions 1.3.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...

PT-2023-7847 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...

WordPress iframe forms Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software iframe forms Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5073 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1839edf7170f Credits István Márton Required privileg...

WordPress Quill Forms Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software Quill Forms Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46610 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID f234d1eb3578 Credits Abdi Pranata Required privilege...

CVE-2023-45748

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch plugin = 3.1.4 versions...

CVE-2023-45748

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch plugin = 3.1.4 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch plugin = 3.1.4 versions...

CVE-2023-45647

Cross-Site Request Forgery CSRF vulnerability in MailMunch Constant Contact Forms by MailMunch plugin = 2.0.10 versions...

CVE-2023-45647

Cross-Site Request Forgery CSRF vulnerability in MailMunch Constant Contact Forms by MailMunch plugin = 2.0.10 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in MailMunch Constant Contact Forms by MailMunch plugin = 2.0.10 versions...

CVE-2023-45748 WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch plugin = 3.1.4 versions...

CVE-2023-45748 WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in MailMunch MailChimp Forms by MailMunch plugin = 3.1.4 versions...

CVE-2023-45748

CVE-2023-45748 affects the MailMunch MailChimp Forms by MailMunch WordPress plugin, vulnerable in versions

CVE-2023-45647

CVE-2023-45647 affects MailMunch Constant Contact Forms by MailMunch (WordPress plugin) ≤ 2.0.10. Root cause: Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to perform unintended actions on behalf of an authenticated user. Impact details in sources show potential hig...

CVE-2023-45647 WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in MailMunch Constant Contact Forms by MailMunch plugin = 2.0.10 versions...

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.27 is vulnerable to Broken Access Control

Software Contact Form builder with drag & drop - Kali Forms Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46083 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 538b41872f6e...

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however the...

WordPress Plugin Constant Contact Forms by MailMunch Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin Constant Contact Forms by MailMunch is...

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however the...

WordPress Plugin MailChimp Forms by MailMunch Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin MailChimp Forms by MailMun...