8191 matches found
CVE-2024-8791
CVE-2024-8791 affects Charitable – Donation Plugin for WordPress (versions
CVE-2024-8791 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied...
WordPress CubeWP Forms – All-in-One Form Builder Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: CubeWP Forms – All-in-One Form Builder; Type: Plugin; Vulnerable versions: = 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47300; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 126f1788c7ef; Credits: hunter85...
PT-2024-28105 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form plugin for WordPress versions up to, and including, 3.8.15 Description: The issue is related to Reflected Self-Based Cross-Site Scripting via the 'Referer' header due to insufficient input sanitization and output...
PT-2024-39255 · WordPress · Donation Forms By Charitable
Name of the Vulnerable Software and Affected Versions: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress versions up to, and including, 1.8.1.14 Description: The issue is due to the plugin not properly verifying a user's identity when the ID parameter is supplie...
WordPress plugin Donation Forms by Charitable security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A security vulnerability...
The vulnerability of the Forms component in Microsoft Edge and Google Chrome browsers allows attackers to access sensitive data, compromise its integrity, and cause service interruptions.
The vulnerability of the Forms component in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions through a specially created...
CVE-2024-43999
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11...
CVE-2024-43999
CVE-2024-43999 pertains to Ninja Forms (WordPress plugin) prior to or equal to 3.8.11 and is described as a Stored XSS vulnerability caused by improper input neutralization during web page generation. The CVE details indicate the issue affects Ninja Forms: from n/a through 3.8.11, with CVSSv3.1 b...
CVE-2024-43999 WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
WordPress plugin Ninja Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-8246
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to the plugin not properly restricting what users have access to se...
CVE-2024-8246 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to the plugin not properly restricting what users have access to se...
CVE-2024-7888
CVE-2024-7888 pertains to the Classified Listing – Classified ads & Business Directory Plugin for WordPress. The vulnerability is caused by missing capability checks in multiple functions (e.g., export_forms(), import_forms(), update_fb_options()) across all versions up to 3.1.7, enabling authent...
WordPress plugin Classified Listing security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-38888 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions
Name of the Vulnerable Software and Affected Versions: The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress versions up to, and including, 2.8.11 Description: The vulnerability is due to the plugin not properly...
WordPress Plugin "Forminator" vulnerable to cross-site scripting
Overview: WordPress Plugin "Forminator" provided by WPMU DEV assists in building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded in the web form. This feature processes the embedded information improperly, leading to...