
8178 matches found

OSV
added 2024/03/29 7:15 a.m. · 3 views

CVE-2024-2113

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possib...

CVSS 4.3 · AI score 7.2 · EPSS 0.00237
Exploits 0 · References 2

OSV
added 2024/03/29 7:15 a.m. · 3 views

CVE-2024-2108

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes ...

CVSS 5.4 · AI score 7.4 · EPSS 0.00343
Exploits 0 · References 2

Vulnrichment
added 2024/03/29 6:44 a.m. · 26 views

CVE-2024-2108

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes ...

CVSS 4.6 · AI score 5.7 · EPSS 0.00343
Exploits 0 · References 2

CVE
added 2024/03/29 6:44 a.m. · 68 views

CVE-2024-2108

Technical details about CVE-2024-2108 are not publicly provided in the supplied documents. No patch version, affected product/version, root cause, or exploit specifics are present; monitor official advisories from Red Hat and WordPress/plugin vendors for updates.

CVSS 5.4 · AI score 7.7 · EPSS 0.00343
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/03/29 6:43 a.m. · 20 views

CVE-2024-2113 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possib...

CVSS 4.3 · AI score 4.6 · EPSS 0.00237
Exploits 0 · References 2

Vulnrichment
added 2024/03/29 6:43 a.m. · 10 views

CVE-2024-2113

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possib...

CVSS 4.3 · AI score 4.3 · EPSS 0.00237
Exploits 0 · References 2

CVE
added 2024/03/29 6:43 a.m. · 62 views

CVE-2024-2113

CVE-2024-2113 affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress up to version 3.8.0. The vulnerability arises from missing or incorrect nonce validation on the nf_download_all_subs AJAX action, enabling unauthenticated attackers to trigger exporting a form’s submissi...

CVSS 4.3 · AI score 5.2 · EPSS 0.00237
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/03/29 12:0 a.m. · 4 views

WordPress Plugin Ninja Forms Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 4.3 · AI score 7.9 · EPSS 0.00237
Exploits 0 · References 3

WPVulnDB
added 2024/03/29 12:0 a.m. · 25 views

MasterStudy LMS < 3.3.2 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to Privilege Escalation due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges...

CVSS 9.8 · AI score 6.9 · EPSS 0.00834
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/03/29 12:0 a.m. · 5 views

WordPress Plugin CRM Perks Forms SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 10 · AI score 8.7 · EPSS 0.02267
Exploits 0 · References 2

CNNVD
added 2024/03/29 12:0 a.m. · 4 views

WordPress Plugin CRM Perks Forms SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 8.8 · AI score 8.7 · EPSS 0.00577
Exploits 0 · References 2

Positive Technologies
added 2024/03/29 12:0 a.m. · 5 views

PT-2024-23425 · Unknown · Crm Perks Forms

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.4 and earlier. Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

CVSS 8.8 · AI score 9.7 · EPSS 0.00577
Exploits 0 · References 5

Patchstack
added 2024/03/29 12:0 a.m. · 12 views

WordPress Contact Forms by Cimatti Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.8.0; Fixed in: 1.9.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30549; Patch priority: Low; CVSS severity: Low (5.9); Developer: Cimatti Consulting; PSID: 4e21af5dfa9c; Credits: Joel Indra; Required...

CVSS 5.9 · AI score 6.6 · EPSS 0.00342
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/03/29 12:0 a.m. · 4 views

PT-2024-23374 · Crm Perks · Crm Perks Forms

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.4 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject...

CVSS 6.5 · AI score 9.2 · EPSS 0.00336
Exploits 0 · References 7

Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-23424

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms versions 1.1.4 and earlier. Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

CVSS 10 · AI score 7.3 · EPSS 0.02267
Exploits 0 · References 7

WPVulnDB
added 2024/03/29 12:0 a.m. · 17 views

Ninja Forms Contact Form < 3.8.1 - Publicly Accessible Form Submission Export via CSRF

Description: The plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form's submission to a publicly accessible location via a...

CVSS 4.3 · AI score 6.6 · EPSS 0.00237
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-20262 · WordPress · Masterstudy Lms

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.3.1. Description: The issue is due to insufficient validation checks within the register user function called by the 'wp ajax nopriv stm lms register' AJAX action. This allo...

CVSS 9.8 · AI score 9.5 · EPSS 0.00834
Exploits 0 · References 10

Patchstack
added 2024/03/29 12:0 a.m. · 12 views

WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.0; Fixed in: 3.8.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2108; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 4832fe1e0bfc; Credits: Tim Coen; Required privilege...

CVSS 5.4 · AI score 5.8 · EPSS 0.00343
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/03/29 12:0 a.m. · 14 views

WordPress Ninja Forms Plugin <= 3.8.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.8.0; Fixed in: 3.8.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2113; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 0a9480169593; Credits: Tobias Weißhaar kun19...

CVSS 4.3 · AI score 6.6 · EPSS 0.00237
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/03/29 12:0 a.m. · 4 views

WordPress Plugin Ninja Forms Contact Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 5.4 · AI score 7.4 · EPSS 0.00343
Exploits 0 · References 3