WordPress Plugin NEX-Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-7203
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...
Cross site request forgery (csrf)
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...
CVE-2023-7203
The Smart Forms WordPress plugin (versions prior to 2.6.87) suffers Broken Access Control via insufficient authorization on AJAX actions and missing CSRF checks, allowing a low-privilege role (subscriber) to trigger administrative actions such as deleting entries. Exploitation details appear in p...
CVE-2023-7203 Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow...
WordPress Smart Forms Plugin < 2.6.87 is vulnerable to Broken Access Control
Software: Smart Forms; Type: Plugin; Vulnerable versions: 2.6.87; Fixed in: 2.6.87; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-7203; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 959e4abbd849; Credits: Mohammad Reza Omrani; Require...
WordPress plugin Smart Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Marketo Forms and Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Marketo Forms and Tracking; Type: Plugin; Vulnerable versions: = 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2020-6849; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 49ac15351483; Credits: Zeroauth...
WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.41 is vulnerable to Broken Access Control
Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: = 2.3.41; Fixed in: 2.3.42; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1217; Patch priority: High; CVSS severity: High 7.6; PSID: b229d70e3a1f...
WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.41 is vulnerable to Broken Access Control
Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: = 2.3.41; Fixed in: 2.3.42; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1218; Patch priority: Low; CVSS severity: Low 4.3; PSID: 5bcaca8f354c...
CVE-2024-1218
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...
CVE-2024-1218 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...
CVE-2024-1218
CVE-2024-1218 affects the Kali Forms WordPress plugin prior to 2.3.42. The issue is an inconsistent capability check on several REST endpoints, enabling an authenticated user with Contributor+ privileges to access and/or modify forms and form entries via the plugin API. Impact described in source...
CVE-2024-1217 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for...
CVE-2024-1217
CVE-2024-1217 affects the Kali Forms WordPress plugin (Contact Form builder with drag & drop). The vulnerability arises from a missing capability check in the await_plugin_deactivation function across versions up to 2.3.41, allowing authenticated users with subscriber access or higher to deactiva...
PT-2024-17468 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.3.41 Description: The issue arises from a missing capability check on the await plugin deactivation function, allowing authenticated attackers with subscriber access or higher t...
PT-2024-17471 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions prior to 2.3.42 Description: The Kali Forms plugin for WordPress is affected by an issue that allows unauthorized access and modification of data via API due to an inconsistent capability check on...
Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization
Description: The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it...
Darktrace Threat Visualizer Security Vulnerability
Darktrace Threat Visualizer is a component of one of Darktrace's security solutions for visualizing network threats and anomalous behavior. A security vulnerability exists in Darktrace Threat Visualizer version 6.1.27 and earlier. An attacker exploited the vulnerability to conduct open redirects...
Easy Forms for Mailchimp <= 6.9.0 - Sensitive Information Exposure via logfile
Description: The plugin stores its logs at a predictable path, making it easy for anyone to leak their content...