
8179 matches found

Japan Vulnerability Notes
added 2024/04/08 4:44 a.m. · 4 views

Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

Overview WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79 - CVE-2024-26019 Stored cross-site scripting in custom fields for labels...

CVSS 8.8 · AI score 6.2 · EPSS 0.00532
Exploits 0 · References 8
CNNVD
added 2024/04/08 12:0 a.m. · 5 views

WordPress Plugin Ninja Forms Contact Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress Plugin...

CVSS 5.4 · AI score 5.2 · EPSS 0.00532
Exploits 0 · References 5
CNNVD
added 2024/04/08 12:0 a.m. · 5 views

WordPress Plugin Ninja Forms Contact Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress Plug...

CVSS 8.8 · AI score 5.6 · EPSS 0.00311
Exploits 0 · References 5
CNNVD
added 2024/04/08 12:0 a.m. · 4 views

WordPress plugin Ninja Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.1 · AI score 5.2 · EPSS 0.00454
Exploits 0 · References 5
Japan Vulnerability Notes
added 2024/04/08 12:0 a.m. · 33 views

JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79...

CVSS 8.8 · AI score 8.7 · EPSS 0.00532
Exploits 0
WPVulnDB
added 2024/04/08 12:0 a.m. · 14 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup PoC 1. Add a new form or edit an...

AI score 5.5 · EPSS 0.0047
Exploits 2 · Affected Software 1
wpexploit
added 2024/04/08 12:0 a.m. · 130 views

Smart Forms < 2.6.96 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup 1. Add a new form or edit an existing...

AI score 5.7 · EPSS 0.0047
Exploits 2
Patchstack
added 2024/04/05 12:0 a.m. · 7 views

WordPress Formsite | Embed online forms to collect orders, registrations, leads, and surveys Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Software Formsite | Embed online forms to collect orders, registrations, leads, and surveys Type Plugin Vulnerable versions <= 1.6 Fixed in 1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31257 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership...

CVSS 6.5 · AI score 6.6 · EPSS 0.0032
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/04/04 12:0 a.m. · 4 views

PT-2024-21091 · Esri · Esri Portal For Arcgis

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below Description: The issue is a cross-site-request forgery vulnerability that may allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted...

CVSS 5.4 · AI score 7.1 · EPSS 0.00214
Exploits 0 · References 6
WPVulnDB
added 2024/04/04 12:0 a.m. · 18 views

CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVSS 6.5 · AI score 5.8 · EPSS 0.00336
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/04 12:0 a.m. · 17 views

CRM Perks Forms < 1.1.5 - Unauthenticated SQL Injection

Description The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacker...

CVSS 10 · AI score 7.5 · EPSS 0.02267
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/04 12:0 a.m. · 23 views

CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) SQL Injection

Description The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

CVSS 8.8 · AI score 7.3 · EPSS 0.00577
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 11 views

Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.9 · AI score 5.7 · EPSS 0.00342
Exploits 0 · References 1
WPVulnDB
added 2024/04/01 12:0 a.m. · 14 views

MailChimp Forms by MailMunch < 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.5 · AI score 5.9 · EPSS 0.00357
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/31 8:15 p.m. · 2 views

CVE-2024-30549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.8.0...

CVSS 4.8 · AI score 5.8 · EPSS 0.00342
Exploits 0 · References 1
NVD
added 2024/03/31 8:15 p.m. · 12 views

CVE-2024-30549

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cimatti Contact Forms by Cimatti contact-forms. This issue affects Contact Forms by Cimatti: from n/a through <= 1.8.0...

CVSS 5.9 · AI score 5.7 · EPSS 0.00342
Exploits 0 · References 2
CVE
added 2024/03/31 7:59 p.m. · 70 views

CVE-2024-30549

CVE-2024-30549 is a stored XSS in Cimatti Contact Forms (WordPress plugin) up to version 1.8.0, caused by improper neutralization of input during web page generation. The Red Hat advisory restates the vulnerability description, confirming the issue exists in Cimatti Contact Forms. Public exploit...

CVSS 5.9 · AI score 7.2 · EPSS 0.00342
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/03/31 7:59 p.m. · 22 views

CVE-2024-30549 WordPress Contact Forms by Cimatti plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cimatti Contact Forms by Cimatti contact-forms. This issue affects Contact Forms by Cimatti: from n/a through <= 1.8.0...

CVSS 5.9 · AI score 5.9 · EPSS 0.00342
Exploits 0 · References 1
Vulnrichment
added 2024/03/31 7:59 p.m. · 8 views

CVE-2024-30549 WordPress Contact Forms by Cimatti plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cimatti Contact Forms by Cimatti contact-forms. This issue affects Contact Forms by Cimatti: from n/a through <= 1.8.0...

CVSS 5.9 · AI score 8.6 · EPSS 0.00342
Exploits 0 · References 1
NVD
added 2024/03/31 7:15 p.m. · 8 views

CVE-2024-30489

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75...

CVSS 8.5 · AI score 8.9 · EPSS 0.00488
Exploits 0 · References 1