8191 matches found

Positive Technologies
added 2024/07/27 12:0 a.m. · 3 views

PT-2024-37685 · Fluent Forms · Contact-Form-Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

CVSS 5.5 · AI score 5.9 · EPSS 0.003
Exploits: 0 · References: 8

Positive Technologies
added 2024/07/27 12:0 a.m. · 4 views

PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

CVSS 5.4 · AI score 6 · EPSS 0.00304
Exploits: 0 · References: 7

Positive Technologies
added 2024/07/27 12:0 a.m. · 4 views

PT-2024-37684 · Fluent Forms · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

CVSS 5.5 · AI score 5.9 · EPSS 0.00303
Exploits: 0 · References: 8

Patchstack
added 2024/07/24 8:33 a.m. · 4 views

WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Ninja Forms versions <= 3.8.6...

CVSS 8.8 · AI score 7 · EPSS 0.0019
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/07/24 12:0 a.m. · 16 views

WordPress Ninja Forms Plugin <= 3.8.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.6; Fixed in: 3.8.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-39628; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: d4c57bafbe6c; Credits: Rafie Muhammad Patchsta...

CVSS 8.8 · AI score 6.7 · EPSS 0.0019
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2024/07/23 12:0 a.m. · 5 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 5.8 · EPSS 0.00279
Exploits: 0 · References: 2

NVD
added 2024/07/22 11:15 a.m. · 24 views

CVE-2024-38773

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

CVSS 9.8 · EPSS 0.01987
Exploits: 0 · References: 1

OSV
added 2024/07/22 11:15 a.m. · 2 views

CVE-2024-38773

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

CVSS 9.8 · AI score 5.8 · EPSS 0.01987
Exploits: 0 · References: 1

CVE
added 2024/07/22 10:7 a.m. · 53 views

CVE-2024-38773

CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (

CVSS 9.8 · AI score 9.7 · EPSS 0.01987
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/07/22 10:7 a.m. · 25 views

CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

CVSS 9.3 · EPSS 0.01987
Exploits: 0 · References: 1

Patchstack
added 2024/07/22 6:38 a.m. · 4 views

WordPress HTML Forms plugin < 1.3.33 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin HTML Forms versions < 1.3.33...

CVSS 5.9 · AI score 6 · EPSS 0.00333
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/07/22 6:15 a.m. · 26 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

CVSS 5.9 · EPSS 0.00333
Exploits: 1 · References: 1

OSV
added 2024/07/22 6:15 a.m. · 4 views

CVE-2024-6243

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

CVSS 4.8 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2024/07/22 6:0 a.m. · 47 views

CVE-2024-6243

CVE-2024-6243 affects the WordPress plugin HTML Forms prior to version 1.3.33. The vulnerability is a Stored XSS in form message inputs due to lack of sanitization/escaping, enabling high-privilege users (e.g., administrators) to inject scripts. Public writeups in multiple sources (NVD/NIST entry...

CVSS 5.9 · AI score 5.2 · EPSS 0.00333
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/07/22 6:0 a.m. · 28 views

CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

EPSS 0.00333
Exploits: 1 · References: 1

Vulnrichment
added 2024/07/22 6:0 a.m. · 13 views

CVE-2024-6243 HTML Forms < 1.3.33 - Admin+ Stored XSS

The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled...

AI score 5.5 · EPSS 0.00333
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-37475 · WordPress · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.33 Description: The issue allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible because the plugin does not properly sanitiz...

CVSS 5.9 · AI score 5.7 · EPSS 0.00333
Exploits: 1 · References: 6

Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-28209

Name of the Vulnerable Software and Affected Versions: FormLift for Infusionsoft Web Forms versions n/a through 7.5.17 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to improper neutralization of special elements used in an SQL command...

CVSS 9.8 · AI score 5.6 · EPSS 0.01987
Exploits: 0 · References: 5

NVD
added 2024/07/21 8:15 a.m. · 34 views

CVE-2024-37512

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

CVSS 6.5 · EPSS 0.00296
Exploits: 0 · References: 1

OSV
added 2024/07/21 8:15 a.m. · 5 views

CVE-2024-37512

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

CVSS 5.4 · AI score 5.8 · EPSS 0.00296
Exploits: 0 · References: 1