8184 matches found
PT-2024-26356 · Flothemes · Flo Forms
Name of the Vulnerable Software and Affected Versions: Flo Forms versions 1.0.42 and earlier. Description: The issue is related to a Missing Authorization vulnerability in Flothemes Flo Forms. Recommendations: For versions 1.0.42 and earlier, update to a version later than 1.0.42 to resolve the...
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.2.1 - Cross-Site Request Forgery
Description: The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the settingspage function. This makes...
Flo Forms <= 1.0.42 - Missing Authorization
Description: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.42. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <=1.3.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions <= 1.3.9...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 CMS, which stems from the back-end module of the Forms Manager that is susceptible to cross-site scripting attacks. The affected...
WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Flo Forms versions <= 1.0.42...
CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...
CVE-2024-34817
CVE-2024-34817 is a CSRF vulnerability in the Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms WordPress plugin. Affected versions are up to 1.2.0 (exact start version not provided). The vulnerability allows unauthorized cross-site actions due to CSRF, with the CVSS/a...
WordPress Flo Forms Plugin <= 1.0.42 is vulnerable to Broken Access Control
Software: Flo Forms; Type: Plugin; Vulnerable versions: <= 1.0.42; Fixed in: 1.0.43; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35174; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: 5341640d4e58; Credits: Dhabaleshwar Das; Required privile...
PT-2024-27918 · WordPress · Spectra Pro
Name of the Vulnerable Software and Affected Versions: Spectra Pro plugin for WordPress versions up to and including 1.1.5. Description: The issue allows lower-privileged users to create registration forms and set the default role to administrator. This enables authenticated attackers with...
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions <= 1.2.0...
Ninja Forms – The Contact Form Builder That Grows With You < 3.8.1 - Admin+ Stored Cross-Site Scripting
Description: The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a form field in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-34817; Patch priority: Low; CVSS severity: Low (4.3); Developer...
May 7, 2024, update for Outlook 2016 (KB5002593)
May 7, 2024, update for Outlook 2016 (KB5002593). This article describes update 5002593 for Microsoft Outlook 2016 that was released on May 7, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the...
CVE-2024-34380
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...
CVE-2024-34380 WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...
CVE-2024-34380
CVE-2024-34380 affects the QuantumCloud Conversational Forms for ChatBot WordPress plugin, with an Improper Neutralization of Input During Web Page Generation leading to Stored XSS in the Conversational Forms; affected versions are from n/a through 1.2.0. Red Hat and Wordfence sources confirm the...
WordPress plugin Conversational Forms for ChatBot Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...