
8200 matches found

ATTACKERKB
added 2024/11/01 3:15 p.m., 6 views

CVE-2024-43211

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.9...

CVSS 5.9, AI score 5.2, EPSS 0.00325
Exploits: 0, References: 2

OSV
added 2024/11/01 3:15 p.m., 4 views

CVE-2024-37463

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1

CVE
added 2024/11/01 2:18 p.m., 53 views

CVE-2024-37463

CVE-2024-37463 is a Missing Authorization vulnerability in the WordPress plugin CRM Perks Forms (affected: 1.1.5 and earlier). The CVE description and related sources confirm this is a Broken Access Control issue where functionality is not properly constrained by ACLs, allowing unauthenticated ac...

CVSS 9.8, AI score 5.3, EPSS 0.00444
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/11/01 2:18 p.m., 14 views

CVE-2024-37463 WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...

CVSS 5.3, AI score 6.9, EPSS 0.00444
Exploits: 0, References: 1

Cvelist
added 2024/11/01 2:18 p.m., 27 views

CVE-2024-37463 WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...

CVSS 5.3, EPSS 0.00444
Exploits: 0, References: 1

Cvelist
added 2024/11/01 2:18 p.m., 18 views

CVE-2024-37506 WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7...

CVSS 5.3, EPSS 0.00371
Exploits: 0, References: 1

Vulnrichment
added 2024/11/01 2:18 p.m., 12 views

CVE-2024-37510 WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Charitable: from n/a through 1.8.1.7...

CVSS 6.5, AI score 6.9, EPSS 0.00443
Exploits: 0, References: 1

Vulnrichment
added 2024/11/01 2:17 p.m., 13 views

CVE-2024-43211 WordPress MailChimp Subscribe Form plugin <= 4.0.9.9 - Stored Cross-Site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms: from n/a through 4.0.9.9...

CVSS 5.9, AI score 5.7, EPSS 0.00325
Exploits: 0, References: 1

CVE
added 2024/11/01 2:17 p.m., 36 views

CVE-2024-43211

CVE-2024-43211 is a Stored XSS vulnerability in the WordPress plugin MailChimp Subscribe Forms (versions up to and including 4.0.9.9; affected versions are listed as n/a through 4.0.9.9). The issue stems from improper neutralization of input during web page generation. Impact is described as cros...

CVSS 5.9, AI score 5.7, EPSS 0.00325
Exploits: 0, References: 1

Cvelist
added 2024/11/01 2:17 p.m., 17 views

CVE-2024-43973 WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through = 2.8.11...

CVSS 4.3, EPSS 0.00464
Exploits: 0, References: 1

Vulnrichment
added 2024/11/01 2:17 p.m., 12 views

CVE-2024-43973 WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through 2.8.11...

CVSS 4.3, AI score 6.9, EPSS 0.00464
Exploits: 0, References: 1

CNNVD
added 2024/11/01 12:0 a.m., 3 views

WordPress plugin MailChimp Subscribe Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9, AI score 6, EPSS 0.00325
Exploits: 0, References: 1

Positive Technologies
added 2024/11/01 12:0 a.m., 4 views

PT-2024-30374 · Pluginops · Pluginops Mailchimp Subscribe Forms

Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions n/a through 4.0.9.9
Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...

CVSS 5.9, AI score 5.3, EPSS 0.00325
Exploits: 0, References: 3

CNNVD
added 2024/11/01 12:0 a.m., 5 views

WordPress plugin CRM Perks Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8, AI score 6.6, EPSS 0.00444
Exploits: 0, References: 1

Positive Technologies
added 2024/11/01 12:0 a.m., 8 views

PT-2024-27574 · Crm Perks · Crm Perks Forms

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.5 and earlier
Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs.
Recommendations: For CRM Perks Forms versions 1.1.5...

CVSS 9.8, AI score 6.8, EPSS 0.00444
Exploits: 0, References: 5

NVD
added 2024/10/31 6:15 a.m., 14 views

CVE-2024-9700

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...

CVSS 5.3, EPSS 0.00379
Exploits: 0, References: 3

OSV
added 2024/10/31 6:15 a.m., 4 views

CVE-2024-9700

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...

CVSS 5.3, AI score 5.8, EPSS 0.00379
Exploits: 0, References: 3

CVE
added 2024/10/31 5:31 a.m., 49 views

CVE-2024-9700

CVE-2024-9700 affects the WordPress plugin “Forminator Forms – Contact Form, Payment Form & Custom Form Builder” and covers all versions up to and including 1.36.0. The vulnerability is an Insecure Direct Object Reference via the submit_quizzes() function, caused by missing validation on the entr...

CVSS 5.3, AI score 5.2, EPSS 0.00379
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2024/10/31 5:31 a.m., 14 views

CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...

CVSS 5.3, EPSS 0.00379
Exploits: 0, References: 3

Vulnrichment
added 2024/10/31 5:31 a.m., 10 views

CVE-2024-9700 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.36.0 - Insecure Direct Object Reference to Submission Manipulation

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...

CVSS 5.3, AI score 6.8, EPSS 0.00379
Exploits: 0, References: 3