8176 matches found

Positive Technologies
added 2024/01/19 12:0 a.m. · 3 views

PT-2024-11687 · Unknown · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress versions n/a through 4.3.2 Description: The issue is related to Deserialization of Untrusted...

7.2 CVSS · 6.9 AI score · 0.00577 EPSS
Exploits: 0 · References: 5

Cvelist
added 2024/01/18 10:21 a.m. · 25 views

CVE-2023-51464 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.2 AI score · 0.00379 EPSS
Exploits: 0 · References: 1

WPVulnDB
added 2024/01/18 12:0 a.m. · 12 views

Constant Contact Forms by MailMunch < 2.1.0 - Contributor+ Stored XSS

Description: The plugin is vulnerable to Stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will...

6.5 CVSS · 5.4 AI score · 0.00317 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/01/17 12:0 a.m. · 8 views

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: <= 2.3.36; Fixed in: 2.3.37; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-22305; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership...

8.1 CVSS · 6.5 AI score · 0.00453 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/01/16 4:15 p.m. · 3 views

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

7.5 CVSS · 7.3 AI score · 0.00702 EPSS
Exploits: 2 · References: 1

NVD
added 2024/01/16 4:15 p.m. · 31 views

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

7.5 CVSS · 7.7 AI score · 0.00702 EPSS
Exploits: 2 · References: 1

NVD
added 2024/01/16 4:15 p.m. · 11 views

CVE-2022-0402

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

6.1 CVSS · 6.3 AI score · 0.00313 EPSS
Exploits: 2 · References: 2

OSV
added 2024/01/16 4:15 p.m. · 20 views

CVE-2022-0402

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

6.1 CVSS · 6.6 AI score
Exploits: 0 · References: 2

Prion
added 2024/01/16 4:15 p.m. · 19 views

Cross site scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

5.8 CVSS · 6.9 AI score · 0.00313 EPSS
Exploits: 2 · References: 2 · Affected Software: 1

Prion
added 2024/01/16 4:15 p.m. · 14 views

Design/Logic Flaw

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

5 CVSS · 7.4 AI score · 0.00702 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/01/16 3:56 p.m. · 9 views

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

7.4 AI score · 0.00702 EPSS
Exploits: 2 · References: 1

Cvelist
added 2024/01/16 3:56 p.m. · 69 views

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

7.9 AI score · 0.00702 EPSS
Exploits: 2 · References: 1

CVE
added 2024/01/16 3:56 p.m. · 334 views

CVE-2023-1405

CVE-2023-1405 affects the Formidable Forms WordPress plugin up to version 6.1.2. It arises from unserializing user input, enabling unauthenticated PHP Object Injection when a suitable gadget is present. Impact is HIGH (I:HIGH, A:NONE) with remote attacker access. Mitigation: upgrade to version 6....

7.5 CVSS · 7.6 AI score · 0.00702 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/01/16 3:51 p.m. · 3 views

CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

6.2 AI score · 0.00313 EPSS
Exploits: 2 · References: 2

Cvelist
added 2024/01/16 3:51 p.m. · 24 views

CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...

6.4 AI score · 0.00313 EPSS
Exploits: 2 · References: 2

CVE
added 2024/01/16 3:51 p.m. · 56 views

CVE-2022-0402

CVE-2022-0402 affects the WordPress plugin Super Forms – Drag & Drop Form Builder prior to 6.0.4. The vulnerability arises because the parameter named in the description (bob_czy_panstwa_sprawa_zostala_rozwiazana) is not escaped before being echoed back in an attribute via the super_language_swit...

6.1 CVSS · 6.2 AI score · 0.00313 EPSS
Exploits: 2 · References: 2 · Affected Software: 1

CNNVD
added 2024/01/16 12:0 a.m. · 5 views

WordPress plugin Super Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.1 CVSS · 6.2 AI score · 0.00313 EPSS
Exploits: 2 · References: 3

Positive Technologies
added 2024/01/16 12:0 a.m. · 4 views

PT-2024-11503 · WordPress · The Super Forms - Drag & Drop Form Builder

Name of the Vulnerable Software and Affected Versions: The Super Forms - Drag & Drop Form Builder WordPress plugin versions prior to 6.0.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. The bob_czy_panstwa_sprawa_zostala_rozwiazana parameter is not properly escaped...

6.1 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits: 2 · References: 7

CNNVD
added 2024/01/16 12:0 a.m. · 6 views

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...

7.5 CVSS · 7.1 AI score · 0.00702 EPSS
Exploits: 2 · References: 2

OSV
added 2024/01/15 4:15 p.m. · 4 views

CVE-2023-6941

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in multisite set...

4.8 CVSS · 5.8 AI score · 0.00402 EPSS
Exploits: 2 · References: 1