WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Hwang Se-yeon in WordPress Plugin Ninja Forms versions = 3.8.16...

WordPress Ninja Forms Plugin <= 3.8.16 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.16 Fixed in 3.8.18 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50515 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e2d92f3518fa Credits Hwang Se-yeon Required privilege...

WordPress Ninja Forms Plugin <= 3.8.16 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Type Plugin Vulnerable versions = 3.8.16 Fixed in 3.8.18 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50514 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 3c313a4c76ff Credits Hwang Se-yeon Required privilege...

CVE-2024-10402

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-10402

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-10402 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-10402 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...

CVE-2024-8870

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated...

CVE-2024-9613

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-8870 Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.7 - Reflected Cross-Site Scripting

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated...

CVE-2024-8870 Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.7 - Reflected Cross-Site Scripting

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated...

CVE-2024-9613

CVE-2024-9613 affects the FormFacade – WordPress plugin for Google Forms. It is a Reflected Cross-Site Scripting vulnerability reachable without authentication, exploitable via the 'userId' and 'publishId' parameters in all versions up to 1.3.6 due to insufficient input sanitization and output es...

CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16248 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.35.1 Description: The issue arises from a missing capability check on a function, allowing authenticated attackers...

PT-2024-39288 · WordPress · Forms For Mailchimp By Optin Cat

Name of the Vulnerable Software and Affected Versions: The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress versions up to, and including, 2.5.6 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate...

WordPress plugin Forms for Mailchimp by Optin Cat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVE-2024-49767 Werkzeug possible resource exhaustion when parsing file data in forms

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

WordPress Forms for Mailchimp by Optin Cat plugin <= 2.5.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Forms for Mailchimp by Optin Cat versions = 2.5.6...