8217 matches found
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Contact Forms prior to version 1.4.12, whic...
Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Vulnerability
Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1 Host: localhost...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress Ninja Forms Contact Form plugin prior to 3.5.8.2 has a cross-site scripting...
Balbooa Joomla Forms Builder 2.0.6 SQL Injection
Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Date: 24.10.2021 Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1...
Balbooa Joomla Forms Builder 2.0.6 - SQL Injection (Unauthenticated)
Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Date: 24.10.2021 Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1...
CVE-2020-23051
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields...
CVE-2021-42534
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms...
Code injection
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms...
WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability
Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms Pro premium plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms Pro premium plugin to the latest available version (at least 1.6.9)...
WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability
Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms plugin to the latest available version (at least 1.6.9)...
CVE-2021-24516
The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...
CVE-2021-24516
CVE-2021-24516 affects PlanSo Forms for WordPress (
CVE-2021-24516 PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting
The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1367-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...
WordPress Formidable Forms plugin <= 5.0.06 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Formidable Forms plugin versions <= 5.0.06. Solution: Update the WordPress Formidable Forms plugin to the latest available version (at least 5.0.07)...
WordPress Ninja Forms Plugin < 3.5.8 Multiple Vulnerabilities
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
VulnCheck KEV: CVE-2021-24647
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing an unauthenticated attacker to log in as any user on the site by only knowing their user ID or userna...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:3331-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...