CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

WordPress plugin Formidable Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Formidable Forms plugin <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability

Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability discovered by mikemyers in WordPress Plugin Formidable Forms versions = 6.16.1.2...

PT-2024-16917 · WordPress · Hipaa Compliant Forms With Drag’N’Drop Hipaa Form Builder

Name of the Vulnerable Software and Affected Versions: HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode due to insufficient...

WordPress Formidable Forms Plugin <= 6.16.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions = 6.16.1.2 Fixed in 6.16.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11188 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7e72b3f5e2de Credits mikemyers...

WordPress Formidable Forms plugin < 6.14.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Formidable Forms versions 6.14.1...

CVE-2024-9768

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768 Formidable Forms < 6.14.1 - Admin+ Stored XSS

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768 Formidable Forms < 6.14.1 - Admin+ Stored XSS

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9768

Formidable Forms WordPress plugin prior to version 6.14.1 is affected: it does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Impact is a stored XSS vector within plugin settings; rem...

WordPress Formidable Forms Plugin < 6.14.1 is vulnerable to Cross Site Scripting (XSS)

Software Formidable Forms Type Plugin Vulnerable versions 6.14.1 Fixed in 6.14.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9768 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 929c3f675f30 Credits Krugov Artyom Required...

PT-2024-39830 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms WordPress plugin versions prior to 6.14.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

django-cms-qe (>=1.4.3 <=3.7.2), django-crunch (=0.1.12) +8 more potentially affected by CVE-2024-11406 via djangocms-attributes-field (>=0.3.0 <=3.0.0)

djangocms-attributes-field PYPI version =0.3.0, =1.4.3, =0.6.2, =7.0.4, =1.0.0, =1.0.0, =2.0.0, =2.28.1, =0.1.0, =1.0.0b3 - taccsite-cms =3.6.0a0 Source cves: CVE-2024-11406 Source advisory: OSV:GHSA-VXCV-4XVF-PC22...

WordPress BSK Forms Validation plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin BSK Forms Validation versions = 1.7...

CVE-2024-8726

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8726 MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting

The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-8726

CVE-2024-8726 : MailChimp Forms by MailMunch (WordPress) is vulnerable to Reflected Cross-Site Scripting due to improper escaping in URLs via add_query_arg in all versions up to and including 3.2.3. Unauthenticated attackers can inject scripts in pages that a user might trigger by clicking links,...