8176 matches found
CVE-2024-24771 Open Forms potential multi-factor authentication bypass
Open Forms allows users to create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication...
CVE-2024-24771
Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...
Open Forms Security Vulnerability
Open Forms (Open Formulieren) is an open-source, intelligent dynamic form tool, used to quickly create powerful and intelligent forms exposed through the API. A security vulnerability exists in Open Forms versions prior to 2.2.8, 2.3.6, 2.4.4, 2.5.1, which stems from an authentication bypass...
PT-2024-20549 · Unknown · Open Forms
Name of the Vulnerable Software and Affected Versions: Open Forms versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2. Description: Open Forms allows users to create and publish smart forms. The software contains a...
WordPress Advanced Forms Plugin <= 1.9.3.2 is vulnerable to Broken Access Control
Software: Advanced Forms; Type: Plugin; Vulnerable versions: <= 1.9.3.2; Fixed in: 1.9.3.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1121; Patch priority: Low; CVSS severity: Low (5.3); PSID: 5521bfbfd051; Credits: Francesco Carlucci; Required...
CVE-2024-1121
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
CVE-2024-0660
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This...
CVE-2024-0372
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
Cross-site request forgery (CSRF)
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This...
CVE-2023-6953
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-0660 Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This...
CVE-2024-0660
The CVE-2024-0660 entry concerns Formidable Forms for WordPress with CSRF in the update_settings path. Exact root cause: missing or incorrect nonce validation allows unauthenticated attackers to submit forged requests that alter form settings and inject malicious JavaScript, by prompting a site a...
CVE-2023-6953 PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes ...
CVE-2023-6953
CVE-2023-6953: The PDF Generator For Fluent Forms – The Contact Form Plugin (WordPress) is vulnerable to Stored XSS via header, PDF body, and footer content in all versions up to 1.1.7 due to insufficient input sanitization and output escaping. Affected versions are
CVE-2024-1121
CVE-2024-1121 concerns the WordPress plugin Advanced Forms for ACF. The issue is a missing capability check in the function export_json_file(), affecting all versions up to and including 1.9.3.2, enabling unauthenticated attackers to export form settings (unauthorized data access). Public source...
Malicious code in ngpd-merceros-dynamic-forms-fe-components (npm)
Source: ghsa-malware (a63c636557949e167ac4cca437135be8c3160f70856ee5911c1817ba2c3f76a9). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...