PT-2024-21013 · Unknown · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms versions prior to 3.4.31 Description: A cross-site request forgery (CSRF) issue exists, allowing unintended operations to be performed if a website administrator views a malicious page while logged in. Recommendations: For versions...
CVE-2024-2340
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...
CVE-2024-1812
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...
CVE-2024-0598
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-1812 Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...
CVE-2024-2340 Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...
CVE-2024-28191
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a...
CVE-2024-28191 Contao may have unencoded insert tags in the frontend
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a...
CVE-2024-28191
CVE-2024-28191 (Contao) concerns the Contao CMS. The issue allows injection of insert tags in frontend forms when the submitted data is output on the page in a very specific way, due to insufficient validation in the form generator. Affected versions include Contao 4.x up to 4.13.39 and Contao 5....
CVE-2024-28190
Contao core/file management is vulnerable to Cross-Site Scripting via filenames during file upload. In Contao 4.x and 5.x, versions prior to 4.13.40 and 5.3.4 allow attackers to inject malicious code in uploaded filenames, which is then executed in backend tooltips and popups. Affected versions i...
CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files in the back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...
WordPress Plugin Everest Forms Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports personal blog sites on servers with PHP and MySQL. A WordPress plugin is an add-on application for the platform. A security vulnerability exis...
PT-2024-2857 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue exists due to inadequate protection of the web page structure. An attacker could exploit this to inject malicious scripts into vulnerable form fields, potentially...
PT-2024-19864 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue allows unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. This is possible due to sensiti...
PT-2024-18328 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms plugin for WordPress versions up to, and including, 2.0.7 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and...
PT-2024-22325 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.13.39 Contao versions 5.0.0 through 5.3.3 Description: The issue allows injecting insert tags in frontend forms if the output is structured in a very specific way. It is possible to inject insert tags via the form...
Contao Security Vulnerability
Contao is an open source content management system (CMS) developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from the ability t...