WordPress Gutenberg Forms plugin <= 2.2.9 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin WordPress Form Builder Plugin – Gutenberg Forms versions <= 2.2.9...
CVE-2024-6069
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregisterinstalladdon function in...
CVE-2024-6313
The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-6313 Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload
The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
WordPress WordPress Form Builder Plugin – Gutenberg Forms Plugin <= 2.2.9 is vulnerable to Arbitrary File Upload
Software: WordPress Form Builder Plugin – Gutenberg Forms; Type: Plugin; Vulnerable versions: <= 2.2.9; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-6313; Patch priority: High; CVSS severity: High 10; PSID: 6945098cfe6d; Credits: István Márt...
BookStack Security Breach
BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A security vulnerability exists in BookStack versions prior to v24.05.1 that stems from the presence of faulty access controls that allow an attacker to identify existing system...
PT-2024-37363 · WordPress · Registration Forms
Name of the Vulnerable Software and Affected Versions: The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress versions up to, and including, 3.8.3.4 Description: The issue allows authenticated...
WordPress plugin Ninja Forms code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress plugin Registration Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Gutenberg Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-27119 · Bookstack · Bookstack
Name of the Vulnerable Software and Affected Versions: BookStack versions prior to 24.05.1 Description: The issue is related to incorrect access control, allowing attackers to confirm existing system users and perform targeted notification email Denial of Service (DoS) via public-facing forms...
WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin NEX-Forms versions <= 8.5.10...
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.10 is vulnerable to Cross Site Scripting (XSS)
Software: NEX-Forms – Ultimate Form Builder; Type: Plugin; Vulnerable versions: <= 8.5.10; Fixed in: 8.6.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37512; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6818a3b8cb82; Credits: LVT-tholv2k; Require...
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Charitable versions <= 1.8.1.7...
WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability
Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Ninja Forms versions <= 3.8.4...
WordPress Ninja Forms Plugin <= 3.8.4 is vulnerable to Broken Access Control
Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.4; Fixed in: 3.8.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37934; Patch priority: Low; CVSS severity: Low 5.4; PSID: 5bd0529a71e3; Credits: Rafie Muhammad (Patchstack); Require...
WordPress WPQA plugin < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF vulnerability
Arbitrary Category and Tag Follow/Unfollow via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WPQA - Builder forms Addon versions < 6.1.1...
WordPress WPQA plugin < 6.1.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPQA - Builder forms Addon versions < 6.1.1...
WordPress Magic Conversation For Gravity Forms plugin <= 3.0.96 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Magic Conversation For Gravity Forms versions <= 3.0.96...
WordPress Tooltip for Gravity Forms plugin <= 2.9 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Tooltip for Gravity Forms versions <= 2.9...