WordPress Forms to Zapier plugin <= 1.1.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook versions = 1.1.12...

WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin <= 1.1.12 is vulnerable to SQL Injection

Software Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Type Plugin Vulnerable versions = 1.1.12 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32134 Patch priority Low CVSS severity Low 7.6 Developer Claim...

WordPress Payment Forms for Paystack Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Payment Forms for Paystack Type Plugin Vulnerable versions = 4.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32130 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bdaaf2a9d240 Credits Ngô Thiên An ancorn from...

CVE-2024-25572

Cross-site request forgery CSRF vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed...

CVE-2024-26019

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-29220

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-26019

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-25572

Cross-site request forgery CSRF vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed...

CVE-2024-25572

Cross-site request forgery CSRF vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed...

CVE-2024-25572

CVE-2024-25572 affects Ninja Forms for WordPress prior to version 3.4.31. The issue is a CSRF vulnerability: if an administrator views a malicious page while logged in, unintended operations may be performed. Affected product/version: Ninja Forms before 3.4.31. Red Hat, NVD, JVN and related sourc...

CVE-2024-26019

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-26019

CVE-2024-26019 affects Ninja Forms (WordPress) prior to 3.8.1, enabling a cross‑site scripting (XSS) vulnerability in submit processing. Exploitation could cause arbitrary JavaScript execution in the web browser of a user visiting the affected site. The root cause is insufficient input sanitizati...

CVE-2024-29220

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-29220

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-29220

CVE-2024-29220 affects Ninja Forms (WordPress) prior to 3.8.1. The issue is a cross-site scripting (XSS) vulnerability in the labels of custom fields, allowing an attacker to cause arbitrary script execution in a user’s browser when visiting a site using the product. Public references confirm the...

CVE-2024-22722

Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...

PT-2024-19542

Name of the Vulnerable Software and Affected Versions Form Tools version 3.1.1 Description A Server Side Template Injection SSTI issue allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Recommendations For Form Tools version 3.1.1,...

Tag Injection

contao/core-bundle is vulnerable to Tag Injection. The vulnerability is due to insufficient validation within SimpleTokenParser.php, allowing malicious users to inject tags via the form generator in frontend forms if the output is structured in a specific way...

WordPress MailChimp Forms by MailMunch plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin MailChimp Forms by MailMunch versions = 3.2.1...

PT-2024-21279 · Unknown · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.8.1 Description: The issue is related to a cross-site scripting vulnerability in submit processing. If exploited, an arbitrary script may be executed on the web browser of the user accessing the website using t...