CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

CVE-2024-10521

CVE-2024-10521 affects WordPress Contact Forms by Cimatti (WordPress plugin). It is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in the process_bulk_action function, allowing unauthenticated attackers to delete forms via forged requests if a site admi...

CVE-2024-10521 WordPress Contact Forms by Cimatti <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

WordPress Contact Forms by Cimatti Plugin <= 1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Forms by Cimatti Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-10521 Patch priority Low CVSS severity Low 4.3 Developer Cimatti Consulting PSID 2351691c2ff2 Credits vgo0...

CVE-2024-10579

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the previewmodule function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with...

WordPress Everest Forms plugin < 3.0.4.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions 3.0.4.2...

CVE-2024-10471

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10471

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10471

CVE-2024-10471 affects the Everest Forms WordPress plugin prior to version 3.0.4.2. The issue arises because the plugin does not sanitize/escape certain settings, potentially allowing high-privilege users (e.g., administrators) to perform Stored XSS even when unfiltered_html is disallowed (e.g., ...

CVE-2024-10471 Everest Forms < 3.0.4.2 - Admin+ Stored XSS

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-16301 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms WordPress plugin versions prior to 3.0.4.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...

PT-2024-16378 · WordPress · The Hustle – Email Marketing

Name of the Vulnerable Software and Affected Versions: The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress versions up to, and including, 7.8.5 Description: The issue is related to unauthorized access of data due to a missing capability check on the preview module...

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Everest Forms Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Everest Forms Type Plugin Vulnerable versions 3.0.4.2 Fixed in 3.0.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10471 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 675cfcd37990 Credits Dmitrii Ignatyev Requir...

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

CVE-2024-11188 Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

CVE-2024-11188

Formidable Forms – Contact Form Plugin for WordPress (CVE-2024-11188) is affected by a POST-based Reflected Cross-Site Scripting vulnerability via Custom HTML Form parameters in all versions up to 6.16.1.2, caused by insufficient input sanitization and output escaping. Attackers can exploit this ...

CVE-2024-11332

CVE-2024-11332 : Stored XSS in the WordPress plugin “HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents” (versions up to 1.3.4) via the hipaatizer shortcode. Exploitation requires authenticated access at contributor level or higher; payloads execute when users view in...