Information disclosure
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing an unauthenticated attacker to log in as any user on the site by only knowing their user ID or...
Sql injection
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...
CVE-2021-24628
This CVE concerns the WordPress Wow Forms plugin.
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways,...
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Wow Forms plugin in version 3.1.3 and earlier, which stems fr...
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Description: CSRF in custom field settings. Proof of Concept: /fields/1/fieldset/1/disassociate" /fields/required/3/3" /fields/optional/3/3". Impact: This vulnerability is capable of tricking an admin user into modifying custom forms...
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Formidable Forms Builder Plugin < 4.09.05 XSS Vulnerability
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Formidable Forms Builder Plugin < 5.0.07 Multiple Vulnerabilities
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms Contact Form plugin versions prior to 3.5.8.2 have a cross-site scripting...
Ninja Forms < 3.6.4 - Admin+ SQL Injection
The plugin does not escape the keys of the fields POST parameter, which could allow high-privilege users to perform SQL injection attacks. POST /wp-admin/post.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh,en;q=0.5...
Ninja Forms < 3.6.4 - Admin+ SQL Injection
The plugin does not escape the keys of the fields POST parameter, which could allow high-privilege users to perform SQL injection attacks. PoC: POST /wp-admin/post.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh,en;q=0.5...
WordPress Ninja Forms Contact Form plugin <= 3.6.3 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress Ninja Forms Contact Form plugin versions <= 3.6.3. Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version, at least 3.6.4...
CVE-2021-24744
The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24381
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24744
The CVE-2021-24744 entry concerns the WordPress Contact Forms by Cimatti plugin (pre-1.4.12). Affected component: Form Title handling in admin pages. Root cause: the Form Title is not sanitized/escaped before output, enabling stored Cross-Site Scripting (XSS) via admin interfaces. Impact: could a...
CVE-2021-24744 WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting
The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24381
The CVE-2021-24381 entry concerns WordPress Ninja Forms Contact Form plugin versions before 3.5.8.2. The issue is that the plugin does not sanitize and escape the custom class name of the form field it creates, enabling stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltere...