Sql injection

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37979 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 584a630933ad Credits Rafie Muhammad...

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Broken Access Control

Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6638721a79c1 Credits Rafie Muhammad Patchstack...

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Broken Access Control

Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38393 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 44e08fdf7aed Credits Rafie Muhammad Patchstack...

WordPress Contact Form By Mega Forms – Drag and Drop Form Builder Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form By Mega Forms – Drag and Drop Form Builder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 5d66bb9d8b9f...

WordPress SV Forms Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)

Software SV Forms Type Plugin Vulnerable versions = 1.9.00 Fixed in 2.0.02 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3d5feaf66d74 Credits Rafie Muhammad Patchstack Required...

WordPress Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss Plugin <= 1.4.10 is vulnerable to Cross Site Scripting (XSS)

Software Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Cla...

WordPress Caldera Forms Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Caldera Forms Type Plugin Vulnerable versions = 1.7.4 Fixed in 1.7.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 9b20838a06d8 Credits Rafie Muhammad Patchstack Required...

WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Gravity Forms Improvements Type Plugin Vulnerable versions = 20170425 Fixed in 201805021810 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 477dcd7d6435 Credits...

WordPress Search Field for Gravity Forms Plugin <= 0.5 is vulnerable to Cross Site Scripting (XSS)

Software Search Field for Gravity Forms Type Plugin Vulnerable versions = 0.5 Fixed in 0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 043a13d5d567 Credits Rafie Muhammad Patchstack...

WordPress Advanced Custom Fields Frontend Forms Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields Frontend Forms Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e7bf47e904be Credits Rafie Muhammad...

WordPress WordPress Form Builder Plugin – Gutenberg Forms Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Form Builder Plugin – Gutenberg Forms Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 994f2f3ecc26 Credits Rafi...

WordPress WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)

Software WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownersh...

WordPress Contact Form 7 Multi-Step Forms Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Multi-Step Forms Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4442b3e885b0 Credits Rafie Muhammad...

WordPress WP Tools Gravity Forms Divi Module Plugin < 7.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Tools Gravity Forms Divi Module Type Plugin Vulnerable versions 7.1.0 Fixed in 7.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 864bb6f8df63 Credits Rafie Muhammad...

WordPress Store Locator Plus® – Gravity Forms Locations Plugin <= 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Store Locator Plus® – Gravity Forms Locations Type Plugin Vulnerable versions = 6.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 896b7ec0dce4 Credits Rafi...

WordPress Modern Designs for Gravity Forms Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Modern Designs for Gravity Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4662a347c105 Credits Rafie Muhammad...

WordPress Any Popup – Popup Forms, Optins & Ads Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Any Popup – Popup Forms, Optins & Ads Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e44a4be7d74c Credits Rafie Muhammad...

WordPress Forms to Sheets Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Forms to Sheets Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b0dac35e5d40 Credits Rafie Muhammad Patchstack Required...

WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Form Vibes – Database Manager for Forms Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer WPVibes PSID cd425a15435a Credits Rafie Muhammad...