CVE-2020-36712
Summary (concrete details from connected docs): CVE-2020-36712 affects the Kali Forms plugin for WordPress (versions up to 2.1.1). The root cause is the kaliforms_form_delete_uploaded_file function, which lacks any privilege or user protections, enabling unauthenticated attackers to delete any si...
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...
PT-2023-11862 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1 Description: The issue arises from the update option lacking proper authentication checks, allowing any authenticated attacker to change or delete the plugin's settings. Thi...
WordPress Plugin Flo Forms – Easy Drag & Drop Form Builder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Plugin Kali Forms Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-11859 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is due to incorrect nonce handling throughout the plugin's function, making it possible for unauthenticated attackers to access the plugin's...
PT-2023-12478
Name of the Vulnerable Software and Affected Versions: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.0.35 Description: The issue is related to Stored Cross-Site Scripting via Options Change, which occurs when using the flo import forms options...
WordPress Plugin Kali Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Kali Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-11854 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1 Description: The issue arises from the kaliforms_form_delete_uploaded_file function lacking privilege or user protections, allowing unauthenticated attackers to delete any...
The vulnerability of the maybe_unserialize() function in the Gravity Forms plugin for WordPress content management system allows a hacker to gain access to read, modify, or delete files, or execute arbitrary code.
The vulnerability of the maybe_unserialize function in the Gravity Forms plugin of the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files, or execute...
PT-2023-11377 · WordPress · Email Templates
Name of the Vulnerable Software and Affected Versions: Email Templates plugin for WordPress versions up to and including 1.3 Description: The issue allows attackers to perform HTML Injection, enabling them to present phishing forms or conduct cross-site request forgery attacks against site...
Malicious code in fc-forms (npm)
Source: ghsa-malware 7831dd4a2a99e2a4b2b5bc63541b0fada419350844c0faaf50991c0f5bac2713 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2015-10117
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
CVE-2015-10117 Gravity Forms DPS PxPay Plugin cross site scripting
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
CVE-2015-10117
The CVE-2015-10117 entry concerns Gravity Forms DPS PxPay Plugin for WordPress, affected in versions up to 1.4.2. The vulnerability is a cross-site scripting flaw due to an unknown function, enabling remote execution of an attack. Remediation is upgrading to version 1.4.3, with patch identifier 5...
WordPress Plugin Gravity Forms DPS PxPay Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-10295 · WordPress · Gravity Forms Dps Pxpay Plugin
Name of the Vulnerable Software and Affected Versions: Gravity Forms DPS PxPay Plugin versions up to 1.4.2 Description: A problematic issue was found in the Gravity Forms DPS PxPay Plugin, affecting an unknown function. This issue leads to cross-site scripting and can be launched remotely...
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...