Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability. http://www.example.com/wp-admin/admin.php?page=nf-processing&title=alert123;...
WordPress Ninja Forms 2.9.21 Cross Site Scripting Vulnerability
WordPress Ninja Forms plugin version 2.9.21 suffers from a cross site scripting vulnerability. Title: WordPress 'Ninja Forms' Plugin - XSS Version: 2.9.21 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/07/14 Download: https://wordpress.org/plugins/ninja-forms/ Contacted authors:...
WordPress Ninja Forms 2.9.21 Cross Site Scripting
Title: WordPress 'Ninja Forms' Plugin - XSS Version: 2.9.21 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/07/14 Download: https://wordpress.org/plugins/ninja-forms/ Contacted authors: 2015/07/14 ========================================================== Description:...
WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Submitter: Nitin Venkatesh Product: Unite Gallery Lit...
XSS vulnerability in OFBiz forms
https://issues.apache.org/jira/browse/OFBIZ-6506 In Ofbiz form need to escape characters from description column in a display-entity tag to avoid XSS attacks. display-entity entity-name="Table" description="$description" I tried to use bsh, as following: display-entity entity-name="Table"...
NEX-Forms <= 4.0 - Unauthenticated Blind SQL Injection
The NEX-Forms – Ultimate Form Builder – Contact forms and much more WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability...
WordPress NEX-Forms Plugin <= 4.0 - Blind SQL Injection
Because of this vulnerability, unauthenticated attackers and authenticated users can inject arbitrary SQL commands. Solution: Upgrade the plugin...
Threat Outbreak Alert RuleID16427: Email Messages Distributing Malicious Software on July 6, 2015
Medium Alert ID: 39668 First Published: 2015 July 7 19:20 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16427 may contain the following files: Name | Size...
WordPress MailChimp Subscribe Forms PHP Code Execution
A PHP code execution vulnerability has been reported in Wordpress plugin MailChimp Subscribe Forms. The vulnerability is due to insufficient validation of user-controlled email address when handling subscribe requests. An unauthenticated remote attacker can exploit this vulnerability by sending a...
WordPress Aviary Image Editor Add-on For Gravity Forms Plugin Arbitrary File Upload Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. Aviary Image Editor Add-on For Gravity Forms is a plug-in for Gravity Forms forms that integrates the Adobe Creative SDK Photo/Image Editor add-on for Gravity Forms. An...
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Vulnerability
Document Title: =============== ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1522 Release Date: ============= 2015-06-16 Vulnerability Laboratory ID VL-ID: ==================================== 1522...
WordPress Aviary Image Editor Add On For Gravity Forms Plugin - Beta Shell Upload
The remote file upload vulnerability is in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. Because of this vulnerability anyone can upload any file to the system. Solution Upgrade the plugin...
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload Exploit
WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07...
Aviary Image Editor Add-on For Gravity Forms <= 3.0beta - Unauthenticated File Upload
There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php. An unauthenticated user can upload any file to the system, including PHP files. upload.php does not check that the user is authenticated and a simple POST request will allow arbitrary...
WordPress Ninja Forms Plugin <= 2.9.18 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Ninja Forms <= 2.9.18 - Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
WordPress MailChimp Subscribe Forms Plugin 1.1 - Remote Code Execution
MailChimp Subscribe Forms plugin is prone to a remote code execution vulnerability via "email" field. Solution Upgrade the plugin...