WordPress ChatBot Conversational Forms plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jean Tirstan T (Patchstack Alliance) in WordPress Plugin Conversational Forms for ChatBot (versions <= 1.2.0)...
WordPress GP Unique ID plugin <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification vulnerability
Unauthenticated Form Submission Unique ID Modification vulnerability discovered by Karl Emil Nikka in WordPress Plugin Gravity Forms Unique ID (versions <= 1.5.5)...
Foxit PDF Reader Security Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader: a use-after-free in the XFA Doc object that can lead to remote code execution...
WordPress Gravity Forms Unique ID Plugin <= 1.5.5 is vulnerable to Content Spoofing
Software: Gravity Forms Unique ID; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A3: Injection; Classification: Content Spoofing; CVE: CVE-2024-0710; Patch priority: Low; CVSS severity: Low (5.3); PSID: deacdbc2e22e; Credits: Karl Emil Nikka; Required privilege...
WordPress Conversational Forms for ChatBot Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Conversational Forms for ChatBot; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34380; Patch priority: Low; CVSS severity: Low (5.9); PSID: 04a3b48cf9af; Credits: Jean Tirstan T; Requir...
CVE-2024-2797
The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...
CVE-2024-2542
The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-3715
CVE-2024-3715 relates to the Database for Contact Form 7, WPforms, and Elementor forms plugins on WordPress. It describes a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that execute wh...
CVE-2024-3715 Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-3729
The CVE-2024-3729 issue affects the Frontend Admin by DynamiApps WordPress plugin. It is caused by improper missing encryption exception handling in the fea_encrypt function, and is exploitable on all versions up to and including 3.19.4 when the OpenSSL PHP extension is not loaded. This allows un...
CVE-2024-2797
CVE-2024-2797 affects the MailerLite – Signup forms (official) plugin for WordPress. Unauthenticated attackers could change plugin settings due to missing capability checks in toggleRolesAndPermissions and editAllowedRolesAndPermissions across versions up to 1.7.6, potentially enabling lower-leve...
CVE-2024-2542
The CVE-2024-2542 issue affects the Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms WordPress plugin up to version 1.3.1, with stored XSS via shortcode attributes. Root cause is insufficient input sanitization and output escaping, enabling authenticated users with co...
WordPress plugin Jotform Online Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-27334 · WordPress · Elementor Forms Plugin +2
Name of the Vulnerable Software and Affected Versions: The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to, and including, 1.3.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping...
PT-2024-22175 · Mailerlite · Mailerlite – Signup Forms
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms official plugin for WordPress versions up to, and including, 1.7.6 Description: The issue allows unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and...
PT-2024-17998 · WordPress · Mailerlite
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms plugin for WordPress versions 1.5.0 through 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-suppli...
CVE-2024-32210
The LoMag WareHouse Management application version 1.0.20.120 and older were found to utilize hard-coded passwords by default for forms and SQL connections...
PT-2024-24461 · Unknown · Lomag Warehouse Management
Name of the Vulnerable Software and Affected Versions: LoMag WareHouse Management application versions 1.0.20.120 and older Description: The issue concerns the use of hard-coded passwords by default for forms and SQL connections. Recommendations: For versions 1.0.20.120 and older, update the...
CVE-2024-32210
The Red Hat–listed CVEs map to LoMag LoMag Inventory Management v1.0.20.120 and earlier. Concrete issues include: hard-coded passwords by default for forms and SQL connections (CVE-2024-32210); local information disclosure via UserClass.cs and Settings.cs (CVE-2024-32211); SQL Injection via Artic...