WordPress MailChimp Subscribe Form plugin <= 4.0.9.7 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin MailChimp Subscribe Forms versions <= 4.0.9.7...
WordPress BSK Forms Blacklist Plugin <= 3.8 is vulnerable to Cross Site Scripting (XSS)
Software: BSK Forms Blacklist; Type: Plugin; Vulnerable versions: <= 3.8; Fixed in: 3.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43233; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 39a05d2b3c1d; Credits: LVT-tholv2k; Required privilege...
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.9 is vulnerable to Cross Site Scripting (XSS)
Software: MailChimp Subscribe Forms; Type: Plugin; Vulnerable versions: <= 4.0.9.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43211; Patch priority: Low; CVSS severity: Low (5.9); PSID: b6921b6bb1b6; Credits: Steven Julian; Required...
DRUPAL-CONTRIB-2024-029
The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code (RCE) or cross-site scripting (XSS). These forms were not adequately controlled with permissions that communicate the severity of the permission...
CVE-2024-7484
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handleuploadedfiles' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to...
CVE-2024-7484 CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handleuploadedfiles' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to...
WordPress plugin CRM Perks Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress CRM Perks Forms Plugin <= 1.1.3 is vulnerable to Arbitrary File Upload
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-7484; Patch priority: Low; CVSS severity: Low (9.1); PSID: c7c64ee12633; Credits: István Márton; Required privilege...
CVE-2024-39643
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS. This issue affects RegistrationMagic: from n/a through 6.0.0.1...
PT-2024-14475 · WordPress · Wpforms User Registration
Name of the Vulnerable Software and Affected Versions: WPForms User Registration versions n/a through 2.1.0 Description: The issue is related to Improper Privilege Management, allowing Privilege Escalation in WPForms User Registration. Recommendations: For versions n/a through 2.1.0, update to a...
CVE-2024-6725
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...
CVE-2024-6725 Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...
CVE-2024-6725
Formidable Forms (WordPress)
WordPress HTML Forms plugin < 1.3.34 - Bulk Delete via CSRF vulnerability
Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin HTML Forms versions < 1.3.34...
CVE-2024-6412
The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-6412
CVE-2024-6412 affects HTML Forms – Simple WordPress Forms Plugin prior to 1.3.34. Description indicates CSRF checks are missing in some areas, enabling CSRF attacks that could cause logged-in users to perform unintended actions. Connected Patchstack data confirms a fix: upgrade to version 1.3.34 ...
CVE-2024-6412 HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF
The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...