8182 matches found
CVE-2024-32134 WordPress Forms to Zapier plugin <= 1.1.12 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook. This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io,...
CVE-2024-32134
CVE-2024-32134 is an Authenticated (Administrator+) SQL Injection in the WordPress plugin Forms to Zapier/Integromat/IFTTT/Workato/Automate.io/elastic.io/Built.io/APIANT/Webhook, affecting versions up to 1.1.12. Root cause is improper neutralization of input used in SQL commands. Public exploitat...
CVE-2024-1307
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
CVE-2024-1306
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-1307 Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Broken Access Control
Software: Smart Forms; Type: Plugin; Vulnerable versions: < 2.6.94; Fixed in: 2.6.94; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1307; Patch priority: Low; CVSS severity: Low (5.4); PSID: 966287948243; Credits: Amir Hossein Fallahi; Required...
WordPress Smart Forms Plugin < 2.6.94 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smart Forms; Type: Plugin; Vulnerable versions: < 2.6.94; Fixed in: 2.6.94; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1306; Patch priority: Low; CVSS severity: Low (4.3); PSID: b8231f973f18; Credits: Amir Hossein Fallahi...
WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to Cross Site Scripting (XSS)
Software: WP Cost Estimation & Payment Forms Builder; Type: Plugin; Vulnerable versions: <= 10.1.75; Fixed in: 10.1.76; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32510; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 052582e81e99; Credits...
WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.76 is vulnerable to Broken Access Control
Software: WP Cost Estimation & Payment Forms Builder; Type: Plugin; Vulnerable versions: <= 10.1.76; Fixed in: 10.1.77; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32509; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 4f90762b9976...
WordPress Plugin Smart Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability previously existed...
WordPress Plugin MailChimp Forms by MailMunch Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin MailChimp Forms by MailMun...
WordPress Jotform Online Forms Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Jotform Online Forms; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32527; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6eac99777a8f; Credits: Ngô Thiên An ancorn from VNPT-VCI...
PT-2024-24024 · Mailmunch · Mailchimp Forms By Mailmunch
Name of the Vulnerable Software and Affected Versions: MailChimp Forms by MailMunch versions 3.2.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...