8177 matches found
Ninja Forms Contact Form < 3.8.1 - Author+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages...
WordPress CRM Perks Forms Plugin <= 1.1.4 is vulnerable to SQL Injection
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30499; Patch priority: Low; CVSS severity: Low 8.5; PSID: 70d39ae38da2; Credits: LVT-tholv2k; Required privilege: Contributor...
WordPress CRM Perks Forms Plugin <= 1.1.4 is vulnerable to SQL Injection
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30498; Patch priority: High; CVSS severity: High 9.3; PSID: e08e6a7e4afa; Credits: LVT-tholv2k; Required privilege: Unauthenticated...
WordPress WP Cost Estimation & Payment Forms Builder Plugin <= 10.1.75 is vulnerable to SQL Injection
Software: WP Cost Estimation & Payment Forms Builder; Type: Plugin; Vulnerable versions: <= 10.1.75; Fixed in: 10.1.76; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30489; Patch priority: Low; CVSS severity: Low 8.5; PSID: b42e5deb44b6; Credits: Rafie Muhammad...
WordPress CRM Perks Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: CRM Perks Forms; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30446; Patch priority: Low; CVSS severity: Low 6.5; PSID: 7cd056009948; Credits: LVT-tholv2k; Required privilege...
PT-2024-18828 · WordPress · The Ninja Forms Contact Form – The Drag/Drop Form Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress versions up to, and including, 3.8.0
Description: The issue is related to Stored Cross-Site Scripting via an image title embedded into a form due...
PT-2024-18833 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress versions up to, and including, 3.8.0
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation...
UBUNTU-CVE-2024-28852
Ampache is a web-based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities, which means that all forms in Ampache that use rule as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use $rule...
CVE-2024-29793
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2...
CVE-2024-29793
CVE-2024-29793 is a Stored XSS in the MailChimp Forms by MailMunch plugin for WordPress (MailChimp Forms by MailMunch), affecting versions up to 3.2.2. The vulnerability is described as Stored XSS via Shortcode. Wordfence and related feeds note that the issue has been patched; specific fixed vers...
CVE-2024-29793 WordPress MailChimp Forms by MailMunch plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS. This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2...
WordPress Plugin MailChimp Forms by MailMunch Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-23037 · Mailmunch · Mailchimp Forms By Mailmunch
Name of the Vulnerable Software and Affected Versions: MailChimp Forms by MailMunch versions 3.2.2 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
Description: The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions. While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method:...
WordPress MailChimp Forms by MailMunch Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: MailChimp Forms by MailMunch; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29793; Patch priority: Low; CVSS severity: Low 6.5; PSID: b65cb3b63fe6; Credits: Ngô Thiên An ancorn from...
Smart Forms < 2.6.94 - Edit Entries via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. CSRF PoC: input type="hidden" name="elementOptions"...
Smart Forms < 2.6.94 - Edit Entries via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. PoC: CSRF PoC...
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
Description: The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions. PoC: While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php',...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14657)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...