8201 matches found
WordPress plugin Ninja Forms code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
Scams Based on Fake Google Emails
Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...
CVE-2024-10862
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-10862 NEX-Forms <= 8.7.13 - Authenticated (Admin+) SQL Injection
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-10862 NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2024-10862
CVE-2024-10862 affects the WordPress plugin “NEX-Forms – Ultimate Form Builder”. The issue is an authenticated SQL Injection via the search_params parameter in the affected queries, exploitable in versions up to 8.7.13 (and disclosed under authenticated admin context). Root cause: insufficient es...
WordPress plugin Bit Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin NEX-Forms SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A SQL injection...
PT-2024-16599 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to 8.7.13 Description: The issue arises from insufficient escaping on the user-supplied search params parameter and a lack of sufficient...
WordPress NEX-Forms plugin <= 8.7.15 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by M.Awad in WordPress Plugin NEX-Forms versions <= 8.7.15...
Malicious code in ui-forms-embed-components-reporting (npm)
Source: ossf-package-analysis 2cc02fa4d714e4e0de4210d4132cb0c07b319906e7f88f1f659e43e9ba8b9bb7 The OpenSSF Package Analysis project identified 'ui-forms-embed-components-reporting' @ 1.21.0 npm as malicious. It is considered malicious...
MAL-2024-12094 Malicious code in ui-forms-embed-components-reporting (npm)
Source: ossf-package-analysis 2cc02fa4d714e4e0de4210d4132cb0c07b319906e7f88f1f659e43e9ba8b9bb7 The OpenSSF Package Analysis project identified 'ui-forms-embed-components-reporting' @ 1.21.0 npm as malicious. It is considered malicious...
How to Lose a Fortune with Just One Bad Click
Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately...
WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis (Patchstack Alliance) in WordPress Plugin HTML Forms versions <= 1.4.1...
CVE-2024-54398
Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS. This issue affects Flaming Forms: from n/a through <= 1.0.1...
CVE-2024-54398 WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS. This issue affects Flaming Forms: from n/a through 1.0.1...
CVE-2024-54398 WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS. This issue affects Flaming Forms: from n/a through <= 1.0.1...
CVE-2024-54398
CVE-2024-54398: Flaming Forms (WordPress plugin) is affected by a Cross-Site Request Forgery (CSRF) that can lead to Stored XSS. Affected range: Flaming Forms versions from n/a up through 1.0.1. The vulnerability is documented with a CVSS v3.1 base score of 7.1 (HIGH) and is categorized under CSR...
PT-2024-36285 · Unknown · Flaming Forms
Name of the Vulnerable Software and Affected Versions: Flaming Forms versions 1.0.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and al...
WordPress plugin Flaming Forms cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...