CVE-2024-22305
CVE-2024-22305 affects the Kali Forms WordPress plugin (Contact Form builder with drag & drop) up to version 2.3.36. The vulnerability is Insecure Direct Object References (IDOR) caused by user-controlled access to form object data, allowing unauthorized access to potentially sensitive resources....
CVE-2024-22305 WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...
WordPress Formidable Forms Plugin <= 6.7 is vulnerable to Content Injection
Software: Formidable Forms; Type: Plugin; Vulnerable versions: <= 6.7; Fixed in: 6.7.1; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-23522; Patch priority: Medium; CVSS severity: Medium (5.3); Developer: Claim ownership; PSID: b82c61d4e6f0; Credits: Revan Arifio; Required privilege...
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via set_starred()
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers,...
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via set_read()
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via restore_records()
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attacker...
PT-2024-19327 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Contact Form builder with drag & drop for WordPress – Kali Forms versions 2.3.36 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Contact Form...
WordPress Formidable Forms Plugin <= 6.7.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Formidable Forms; Type: Plugin; Vulnerable versions: <= 6.7.2; Fixed in: 6.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0660; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 7a7ac0638cbc; Credits: Webbernaut; Required...
CVE-2024-0618
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-0618
CVE-2024-0618 affects the Fluent Form plugin for WordPress (Contact Form Plugin – Fastest Contact Form Builder) up to version 5.1.5. The issue is a stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization and output escaping for imported form titles. The vulnerabi...
[SECURITY] Fedora 39 Update: atril-1.26.2-1.fc39
Mate-document-viewer is a simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...
WordPress plugin Fluent Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Formidable Forms < 6.8 - CSRF to Stored Cross-Site Scripting
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the updatesettings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a...
PT-2024-15694 · WordPress · Fluent Forms
Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via imported form titles du...
Contact Form builder with drag & drop - Kali Forms < 2.3.37 - Insecure Direct Object Reference
Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.38 due to missing validation on a user controlled key. This makes it possible for unauthenticated...
WordPress PDF Generator For Fluent Forms Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: PDF Generator For Fluent Forms; Type: Plugin; Vulnerable versions: <= 1.1.7; Fixed in: 1.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6953; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: f3bea2a974ac; Credits: drop...
PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting
Description The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping...
CVE-2023-7063
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Fluent Forms < 5.1.7 - Admin+ Stored Cross-Site Scripting via imported form title
Description The plugin is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...