8191 matches found

Patchstack
added 2024/07/31 3:19 a.m. · 5 views

WordPress Formidable Forms plugin <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Formidable Forms versions <= 6.11.1...

CVSS 5.4 · AI score 5.7 · EPSS 0.00352
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/07/31 12:0 a.m. · 3 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 · AI score 6.6 · EPSS 0.00352
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/31 12:0 a.m. · 4 views

PT-2024-37605 · WordPress · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.34
Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...

CVSS 6.5 · AI score 6.7 · EPSS 0.00253
Exploits: 1 · References: 6

Patchstack
added 2024/07/31 12:0 a.m. · 10 views

WordPress HTML Forms Plugin < 1.3.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software: HTML Forms · Type: Plugin · Vulnerable versions: < 1.3.34 · Fixed in: 1.3.34 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2024-6412 · Patch priority: Low · CVSS severity: Low (5.4) · Developer: Claim ownership · PSID: 512deb690c57 · Credits: Bob Matyas · Required...

CVSS 6.5 · AI score 6.7 · EPSS 0.00253
Exploits: 1 · References: 4 · Affected Software: 1

Patchstack
added 2024/07/31 12:0 a.m. · 12 views

WordPress Formidable Forms Plugin <= 6.11.1 is vulnerable to Cross Site Scripting (XSS)

Software: Formidable Forms · Type: Plugin · Vulnerable versions: <= 6.11.1 · Fixed in: 6.11.2 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-6725 · Patch priority: Low · CVSS severity: Low (4.9) · Developer: Claim ownership · PSID: b87ac759b2ea · Credits: zer0gh0st · Required...

CVSS 5.4 · AI score 5.8 · EPSS 0.00352
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/07/31 12:0 a.m. · 4 views

WordPress plugin HTML Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00253
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/31 12:0 a.m. · 6 views

PT-2024-37825 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.11.1
Description: The issue is related to Stored Cross-Site Scripting via the html...

CVSS 5.4 · AI score 6.2 · EPSS 0.00352
Exploits: 0 · References: 7

The Hacker News
added 2024/07/30 6:45 a.m. · 28 views

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising...

AI score 6.9
Exploits: 0

Redos
added 2024/07/29 12:0 a.m. · 23 views

ROS-20240729-01

A vulnerability in the Forms Authentication example of the Apache Tomcat application server's web application examples exists due to a failure to take measures to protect the web page structure. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS) attack...

CVSS 6.1 · AI score 5.9 · EPSS 0.06156
Exploits: 0

NVD
added 2024/07/27 1:15 p.m. · 26 views

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

CVSS 5.4 · EPSS 0.00304
Exploits: 0 · References: 3

OSV
added 2024/07/27 1:15 p.m. · 2 views

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 3

CVE
added 2024/07/27 12:30 p.m. · 68 views

CVE-2024-6703

CVE-2024-6703 affects the WordPress plugin “Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping in the description and btn_txt parameters, exploi...

CVSS 5.4 · AI score 4.8 · EPSS 0.00304
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/07/27 12:30 p.m. · 18 views

CVE-2024-6703 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

CVSS 4.9 · AI score 5.9 · EPSS 0.00304
Exploits: 0 · References: 3

OSV
added 2024/07/27 12:15 p.m. · 3 views

CVE-2024-6521

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.8 · AI score 5.9 · EPSS 0.00303
Exploits: 0 · References: 3

OSV
added 2024/07/27 12:15 p.m. · 2 views

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.8 · AI score 5.9 · EPSS 0.003
Exploits: 0 · References: 3

NVD
added 2024/07/27 12:15 p.m. · 41 views

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

CVSS 4.8 · EPSS 0.003
Exploits: 0 · References: 3

OSV
added 2024/07/27 12:15 p.m. · 3 views

CVE-2024-6518

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 4.8 · AI score 5.9
Exploits: 0 · References: 3

CVE
added 2024/07/27 11:37 a.m. · 51 views

CVE-2024-6520

CVE-2024-6520 concerns the WordPress Fluent Forms Contact Form Plugin (Quiz, Survey, Drag & Drop) with a Stored Cross-Site Scripting flaw in versions up to 5.1.19, caused by insufficient input sanitization and output escaping. Exploitation requires Administrator-level privileges (and above) and c...

CVSS 4.8 · AI score 6 · EPSS 0.003
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2024/07/27 11:13 a.m. · 51 views

CVE-2024-6521

CVE-2024-6521 affects the WordPress plugin Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder. All versions up to 5.1.19 are vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. Exploitation requires Administrator...

CVSS 4.8 · AI score 6 · EPSS 0.00303
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/07/27 11:13 a.m. · 14 views

CVE-2024-6521 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

CVSS 4.4 · AI score 6 · EPSS 0.00303
Exploits: 0 · References: 3