
8176 matches found

OSV
added 2024/02/05 4:57 a.m. · 13 views

MAL-2024-964 Malicious code in ngpd-merceros-dynamic-forms-fe-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a63c636557949e167ac4cca437135be8c3160f70856ee5911c1817ba2c3f76a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

CNNVD
added 2024/02/05 12:00 a.m. · 3 views

WordPress plugin PDF Generator For Fluent Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. WordPress plugin PDF Generator Fo...

5.4 CVSS · 6 AI score · 0.00393 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/05 12:00 a.m. · 3 views

WordPress plugin Advanced Forms for ACF security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.3 CVSS · 6.5 AI score · 0.00562 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/05 12:00 a.m. · 3 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...

6.1 CVSS · 6.7 AI score · 0.00212 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/02/05 12:00 a.m. · 3 views

PT-2024-15727 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.7.2 Description: The issue is due to missing or incorrect nonce validation on the update...

6.1 CVSS · 5.3 AI score · 0.00212 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/02/05 12:00 a.m. · 3 views

PT-2024-16827 · WordPress · Advanced Forms For Acf

Name of the Vulnerable Software and Affected Versions: Advanced Forms for ACF plugin for WordPress versions prior to 1.9.3.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the export json file function. This allows unauthenticated attackers t...

5.3 CVSS · 6 AI score · 0.00562 EPSS
Exploits 0 · References 6

OSV
added 2024/02/02 5:15 a.m. · 2 views

CVE-2024-0685

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

9.8 CVSS · 7.3 AI score · 0.00778 EPSS
Exploits 0 · References 3

NVD
added 2024/02/02 5:15 a.m. · 23 views

CVE-2024-0685

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

9.8 CVSS · 7.1 AI score · 0.00778 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/02/02 4:32 a.m. · 12 views

CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

5.9 CVSS · 7.3 AI score · 0.00778 EPSS
Exploits 0 · References 3

CVE
added 2024/02/02 4:32 a.m. · 74 views

CVE-2024-0685

CVE-2024-0685 (Ninja Forms) affects the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin. Reported as a Second Order SQL Injection via the email field used in forms, in all versions up to and including 3.7.1. Root cause: insufficient escaping of the user-supplied ema...

9.8 CVSS · 9.7 AI score · 0.00778 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/02/02 4:32 a.m. · 26 views

CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

5.9 CVSS · 9.9 AI score · 0.00778 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/02 12:00 a.m. · 2 views

WordPress plugin Ninja Forms Contact Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

9.8 CVSS · 7.7 AI score · 0.00778 EPSS
Exploits 0 · References 3

WPVulnDB
added 2024/02/02 12:00 a.m. · 17 views

Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection

Description: The plugin is vulnerable to Second Order SQL Injection via the email address value submitted through forms due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

7.5 CVSS · 8 AI score · 0.00778 EPSS
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/02/02 12:00 a.m. · 15 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description: The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

6.5 AI score · 0.00217 EPSS
Exploits 2 · Affected Software 1

Positive Technologies
added 2024/02/02 12:00 a.m. · 2 views

PT-2024-15228 · WordPress · Smart Forms

Name of the Vulnerable Software and Affected Versions: Smart Forms WordPress plugin versions prior to 2.6.87 Description: The issue concerns a lack of authorization in various AJAX actions within the plugin, allowing users with a low role, such as a subscriber, to perform unauthorized actions lik...

6.1 CVSS · 7.1 AI score · 0.00217 EPSS
Exploits 2 · References 8

wpexploit
added 2024/02/02 12:00 a.m. · 157 views

Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion

Description: The plugin does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged ...

6.7 AI score · 0.00217 EPSS
Exploits 2

GitHub Security Blog
added 2024/02/01 8:51 p.m. · 22 views

Statamic CMS vulnerable to account takeover via XSS and password reset link

Impact: HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects: - front-end forms with asset fields without any mime type validation - asset fields in the control panel - asset browser in the control panel Additionally, if the XSS is crafted in a specific...

8.2 CVSS · 6.8 AI score · 0.00734 EPSS
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2024/02/01 4:42 p.m. · 28 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

8.2 CVSS · 8.4 AI score · 0.00734 EPSS
Exploits 1 · References 3

OSV
added 2024/02/01 12:15 p.m. · 3 views

CVE-2023-51509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS. This issue affects RegistrationMagic – Custom Registration Forms, User...

6.1 CVSS · 5.8 AI score · 0.00351 EPSS
Exploits 0 · References 1

Prion
added 2024/02/01 12:15 p.m. · 17 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS. This issue affects RegistrationMagic – Custom Registration Forms, User...

5.8 CVSS · 7.2 AI score · 0.00351 EPSS
Exploits 0 · References 1 · Affected Software 1