8191 matches found
PT-2024-38285 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.11. Description: The issue is related to a Reflected Cross-Site Scripting vulnerability that could be used against high privilege users such as admin. This occurs because the Ninja Forms WordPress plugin does not escape an...
PT-2024-34307 · Unknown · Fluent Forms
Name of the Vulnerable Software and Affected Versions: Fluent Forms versions up to, and including, 5.1.18. Description: The issue is related to an insufficient capability check on the verifyRequest function, allowing Form Managers with Subscriber-level access and above to modify the Mailchimp AP...
WordPress plugin Fluent Forms authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
PT-2024-38514 · WordPress · Flaming Forms
Name of the Vulnerable Software and Affected Versions: Flaming Forms WordPress plugin versions 1.0.0 through 1.0.1. Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the...
PT-2024-38513 · WordPress · Flaming Forms
Name of the Vulnerable Software and Affected Versions: Flaming Forms WordPress plugin versions 1.0.1 and earlier. Description: The issue is related to the Flaming Forms WordPress plugin, which does not properly sanitise and escape certain parameters. This could allow unauthenticated users to perfo...
WordPress Custom-contact-forms Plugin SQL Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas',...
GHSA-9JQR-5X45-PGW8 Powermail TYPO3 extension Broken Access Control in the OutputController
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...
WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Joel Indra (Patchstack Alliance) in WordPress Plugin Ninja Forms (versions <= 3.8.11)...
WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Daffa in WordPress Plugin GetPaid (versions <= 2.8.11)...
WordPress Ninja Forms Plugin <= 3.8.11 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.11; Fixed in: 3.8.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43999; Patch priority: Low; CVSS severity: Low (5.9); PSID: f7b73633135b; Credits: Joel Indra; Required privilege...
CVE-2024-43287
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82...
CVE-2024-39628
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6...
CVE-2024-39628 WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery. This issue affects Ninja Forms: from n/a through 3.8.6...
CVE-2024-39628
CVE-2024-39628 describes a CSRF vulnerability in the Ninja Forms WordPress plugin affecting versions
CVE-2024-43287 WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue. This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82...
CVE-2024-43287
CVE-2024-43287 is a CSRF vulnerability in Brevo (Sendinblue) WordPress plugin forms (Newsletter, SMTP, Email marketing and Subscribe forms). The vulnerability affects Brevo forms up to version 3.1.82. The connected PT security entry recommends upgrading to 3.1.83 as the remediation. Other sources...
WordPress plugin Ninja Forms cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...