Authentication flaw

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

Authentication flaw

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

CVE-2021-34675

CVE-2021-34675 affects the WordPress Basix NEX-Forms plugin up to version 7.8.7. The vulnerability is an authentication bypass that allows access to stored PDF reports without valid credentials. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB) as an authentication by...

CVE-2021-34676

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

CVE-2021-34676

Summary: CVE-2021-34676 affects Basix NEX-Forms (WordPress plugin) up to version 7.8.7. The underlying issue is an authentication bypass in the Excel report generation feature, enabling unauthenticated users to download Excel reports. The vulnerability is described consistently across multiple so...

WordPress 授权问题漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...

WordPress 授权问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress plugin Basix NEX-Forms 7.8.7 and earlie...

New LinkedIn phishing campaign found using Google Forms

By Sudais Asif In the latest LinkedIn phishing scam, the sender’s email address as shown appears to be from Paul University which is based in Nigeria. This is a post from HackRead.com Read the original post: New LinkedIn phishing campaign found using Google Forms...

WordPress WP Fluent Forms plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site request forgery vulnerability exists in versions of WordPress WP Fluent Forms plugin prior ...

CVE-2021-34620

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...

CVE-2021-34620 CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...

CVE-2021-34620 CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...

CVE-2021-34620

CVE-2021-34620 affects the WP Fluent Forms plugin for WordPress, specifically versions prior to 3.6.67. The root cause is a missing nonce check in the access control function for administrative AJAX actions, enabling Cross-Site Request Forgery that can lead to stored Cross-Site Scripting and a li...

PT-2021-20587 · WordPress · Fluent Forms

Name of the Vulnerable Software and Affected Versions: WP Fluent Forms plugin versions prior to 3.6.67 Description: The issue is related to a missing nonce check in the access control function for administrative AJAX actions, leading to Cross-Site Request Forgery, which can result in stored...

WordPress 跨站请求伪造漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site request forgery vulnerability exists in versions of WordPress WP Fluent Forms plugin prior ...

Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS vulnerability within the Forms "Add new" field. Step 1: Install and activate the plugin. Step 2: Go to the Forms-- Add New. St...

GHSA-3JXH-789F-P7M6 Craft CMS Cross-site Scripting Vulnerability

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

Craft CMS Cross-site Scripting Vulnerability

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...

CVE-2021-27902

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads...