8191 matches found

Patchstack
added 2024/09/09 12:43 a.m., 4 views

WordPress Ninja Forms File Uploads plugin <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Ninja Forms File Uploads Extension versions <= 3.3.16...

CVSS 7.2, AI score 5.8, EPSS 0.00403
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/09/09 12:0 a.m., 17 views

WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Forms File Uploads Extension; Type: Plugin; Vulnerable versions: <= 3.3.16; Fixed in: 3.3.18; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-1596; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 261b89d2f6fa; Credi...

CVSS 7.2, AI score 5.7, EPSS 0.00403
Exploits: 0, References: 2, Affected Software: 1

Japan Vulnerability Notes
added 2024/09/09 12:0 a.m., 18 views

JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting

WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to cross-site...

CVSS 6.1, AI score 6.3, EPSS 0.0041
Exploits: 0

CNNVD
added 2024/09/09 12:0 a.m., 6 views

WordPress plugin Forminator Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1, AI score 6.1, EPSS 0.0041
Exploits: 0, References: 6

Tenable Nessus
added 2024/09/09 12:0 a.m., 8 views

Gutenberg Forms Plugin for WordPress <= 2.2.9 Arbitrary File Upload

The WordPress Gutenberg Forms Plugin installed on the remote host is affected by an unauthenticated arbitrary file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

CVSS 9.8, AI score 7.8, EPSS 0.01108
Exploits: 0, References: 3

NVD
added 2024/09/07 12:15 p.m., 34 views

CVE-2024-1596

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. RTX file in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 7.2, EPSS 0.00403
Exploits: 0, References: 3

OSV
added 2024/09/07 12:15 p.m., 2 views

CVE-2024-1596

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. RTX file in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 6.1, AI score 6, EPSS 0.00403
Exploits: 0, References: 3

CVE
added 2024/09/07 11:17 a.m., 60 views

CVE-2024-1596

Summary of CVE-2024-1596 (Ninja Forms - File Uploads, WordPress) Root cause: Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Ninja Forms - File Uploads plugin for WordPress. Affected versions: all up to and including 3.3.16. Impact: unauthenticated at...

CVSS 7.2, AI score 6.1, EPSS 0.00403
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2024/09/07 11:17 a.m., 44 views

CVE-2024-1596 Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. RTX file in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVSS 7.2, AI score 6.1, EPSS 0.00403
Exploits: 0, References: 3

Positive Technologies
added 2024/09/07 12:0 a.m., 4 views

PT-2024-18158 · WordPress · Ninja Forms - File Uploads

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads plugin for WordPress versions up to, and including, 3.3.16 Description: The issue is a Stored Cross-Site Scripting vulnerability via an uploaded file, such as an RTX file, due to insufficient input sanitization and...

CVSS 7.2, AI score 6.6, EPSS 0.00403
Exploits: 0, References: 13

CNNVD
added 2024/09/07 12:0 a.m., 6 views

WordPress plugin Ninja Forms - File Uploads cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.2, AI score 6, EPSS 0.00403
Exploits: 0, References: 4

Patchstack
added 2024/09/05 2:56 a.m., 3 views

WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.12 - Missing Authorization in Multiple Functions vulnerability

Missing Authorization in Multiple Functions vulnerability discovered by Peter Thaleikis in WordPress Plugin Form Vibes – Database Manager for Forms versions <= 1.4.12...

CVSS 5.4, AI score 7, EPSS 0.00292
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/09/03 12:50 a.m., 3 views

WordPress Flaming Forms plugin <= 1.0.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Flaming Forms versions <= 1.0.1...

CVSS 6.1, AI score 6.4, EPSS 0.00327
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2024/09/03 12:50 a.m., 3 views

WordPress Flaming Forms plugin <= 1.0.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Flaming Forms versions <= 1.0.1...

CVSS 6.1, AI score 6.1, EPSS 0.00353
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2024/09/03 12:47 a.m., 4 views

WordPress Ninja Forms plugin 3.8.6 - 3.8.10 - Reflected XSS

WordPress Ninja Forms plugin 3.8.6 - 3.8.10 - Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ninja Forms versions 3.8.6-3.8.10...

CVSS 6.1, AI score 6.4, EPSS 0.00662
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2024/09/03 12:0 a.m., 12 views

WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Flaming Forms; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-7692; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 2875f02b2e42; Credits: Bob Matyas; Required...

CVSS 6.1, AI score 6, EPSS 0.00327
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2024/09/03 12:0 a.m., 12 views

WordPress Ninja Forms Plugin 3.8.6-3.8.10 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Forms; Type: Plugin; Vulnerable versions: 3.8.6-3.8.10; Fixed in: 3.8.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 9b1a720170de; Credits: Erwan LR WPScan; Required privilege...

AI score 6.8
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/09/03 12:0 a.m., 12 views

WordPress Flaming Forms Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Flaming Forms; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-7691; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 74ab02fc965d; Credits: Bob Matyas; Required...

CVSS 6.1, AI score 6, EPSS 0.00353
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2024/09/02 8:15 a.m., 2 views

CVE-2024-7691

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

CVSS 6.1, AI score 5.8, EPSS 0.00353
Exploits: 1, References: 1

NVD
added 2024/09/02 8:15 a.m., 20 views

CVE-2024-7691

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators...

CVSS 6.1, EPSS 0.00353
Exploits: 1, References: 1