WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Caldera Forms Plugin is a WordPress open source application plugin. WordPress Caldera Forms Plugins prior to 1.9.5...
WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin was affected by a reflected XSS in wp-booking-system on the wpbs-calendars admin page. http://127.0.0.1:8001/wp-admin/admin.php?page=wpbs-calendars&s=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%281%29+x%3D or...
Webform - Critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-045
Access Bypass: This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently check access for administrative features for webforms attached to nodes using the Webform Node module. This may reveal submitted data or allow an attacker to modify submitted data...
Information Disclosure
elgg/elgg is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the user inputs in the forms in the view namespace 'forms/admin'...
WordPress Ninja Forms Plugin < 3.6.4 SQLi Vulnerability
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress plugin SQL injection vulnerability (CNVD-2021-102399)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. WordPress Ninja Forms Contact Form plugin version 3.6.4...
Librenms Cross-Site Scripting Vulnerability
Librenms is a PHP and MySQL based open source network monitoring system for the Librenms community. The system features custom alerts, auto-discovery of network environments, and automatic updates. Librenms suffers from a cross-site scripting vulnerability that originates in...
CVE-2021-24889
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks...
SQL injection
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks...
CVE-2021-24889 Ninja Forms < 3.6.4 - Admin+ SQL Injection
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks...
CVE-2021-24889
The CVE refers to WordPress Ninja Forms Contact Form plugin. Up to version 3.6.3 (3.6.4 fixes) the vulnerability stems from not escaping keys of POST parameters, enabling SQL injection by high-privilege users. Affected product: Ninja Forms Contact Form WordPress plugin. Root cause: missing escapi...
WordPress and WordPress Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. WordPress Ninja Forms Contact Form plugin version 3.6.4...
CVE-2021-24892
Insecure Direct Object Reference in the edit function of Advanced Forms Free & Pro before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this...
Design/Logic Flaw
Insecure Direct Object Reference in the edit function of Advanced Forms Free & Pro before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this...
CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR
Insecure Direct Object Reference in the edit function of Advanced Forms Free & Pro before 1.6.9 allows an authenticated remote attacker to change an arbitrary user's email address and request a password reset, which could lead to takeover of the WordPress administrator account. To exploit this...
CVE-2021-24892
The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...
WordPress Security Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Advanced Forms that allows an authenticated, remote...
WordPress Everest Forms plugin <= 1.7.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Everest Forms plugin versions <= 1.7.9. Solution: Update the WordPress Everest Forms plugin to the latest available version (at least 1.8.0)...