WordPress plugin NEX-Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

PT-2024-35922 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions prior to 8.7.9 Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for malicious SQL commands...

PT-2024-16635 · WordPress · Pojo Forms

Name of the Vulnerable Software and Affected Versions: Pojo Forms plugin for WordPress versions 1.4.7 and earlier Description: The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form preview shortcode AJAX action. This is due to the software allowing users ...

WordPress Pojo Forms plugin <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via formpreviewshortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Pojo Forms versions = 1.4.7...

DRUPAL-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

CVE-2024-40744

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40745

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40744

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40745

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40745 Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for Joomla < 4.4.8

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40745 Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for Joomla < 4.4.8

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40745

The CVE-2024-40745 entry concerns a Reflected Cross‑Site Scripting (XSS) vulnerability in the Joomla Convert Forms component, affecting versions prior to 4.4.8. Multiple connected sources (Red Hat, CVE lists, CNVD, CVE records) consistently identify the affected product as the Convert Forms compo...

CVE-2024-40744

CVE-2024-40744 affects the Joomla extension Convert Forms; versions prior to 4.4.8 are vulnerable. The issue is an unrestricted file upload via a security bypass in the Convert Forms component, enabling potential malicious uploads. The vulnerability is high impact (per CVSS 3.1: AV:N/AC:L/PR:N/UI...

CVE-2024-40744 Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-40744 Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8...

CVE-2024-11293 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient...

WordPress plugin Registration Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-29024 · Joomla · Joomla Convert Forms

Name of the Vulnerable Software and Affected Versions: Joomla Convert Forms component versions prior to 4.4.8 Description: The issue is related to a Reflected Cross site scripting vulnerability in the Convert Forms component for Joomla. This vulnerability allows for the execution of malicious...

PT-2024-29023 · Joomla · Convert Forms

Name of the Vulnerable Software and Affected Versions: Convert Forms component for Joomla versions prior to 4.4.8 Description: The issue is related to an unrestricted file upload via a security bypass in the Convert Forms component for Joomla. This allows for potential malicious file uploads...

Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...