
8176 matches found

Prion
added 2024/01/15 4:15 p.m. · 24 views

Cross site scripting

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in multisite set...

CVSS 4.3 · AI score 5.8 · EPSS 0.00402
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/15 3:10 p.m. · 33 views

CVE-2023-4925 Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

AI score 5 · EPSS 0.00402
Exploits: 2 · References: 1

CVE
added 2024/01/15 3:10 p.m. · 48 views

CVE-2023-6941

The CVE concerns the Keap Official Opt-in Forms WordPress plugin, affected versions 1.0.11 and earlier. The vulnerability is Admin+ Stored XSS caused by insufficient sanitisation/escaping of settings (e.g., Opt in title, message, success text), which can execute scripts in the context of high-pri...

CVSS 4.8 · AI score 4.7 · EPSS 0.00402
Exploits: 2 · References: 1 · Affected Software: 1

CNNVD
added 2024/01/15 12:00 a.m. · 4 views

WordPress Plugin Easy Forms for Mailchimp Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.8 · AI score 6 · EPSS 0.00402
Exploits: 2 · References: 2

Positive Technologies
added 2024/01/15 12:00 a.m. · 3 views

PT-2024-13708 · WordPress · Easy Forms For Mailchimp

Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions 6.8.10 and earlier

Description: The issue concerns the lack of proper sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as administrators,...

CVSS 4.8 · AI score 4.7 · EPSS 0.00402
Exploits: 2 · References: 6

Positive Technologies
added 2024/01/15 12:00 a.m. · 2 views

PT-2024-15133 · WordPress · Keap Official Opt-In Forms

Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms WordPress plugin versions 1.0.11 and earlier

Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some...

CVSS 4.8 · AI score 4.6 · EPSS 0.00402
Exploits: 2 · References: 5

OSV
added 2024/01/13 12:15 a.m. · 0 views

CVE-2024-22137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2024/01/13 12:15 a.m. · 10 views

CVE-2024-22137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS 6.5 · AI score 6.4 · EPSS 0.00317
Exploits: 0 · References: 1

Prion
added 2024/01/13 12:15 a.m. · 10 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS 4.9 · AI score 6.9 · EPSS 0.00317
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/01/13 12:00 a.m. · 4 views

WordPress Plugin MailMunch Constant Contact Forms Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5 · AI score 5.7 · EPSS 0.00317
Exploits: 0 · References: 2

CVE
added 2024/01/12 11:20 p.m. · 49 views

CVE-2024-22137

CVE-2024-22137 affects Constant Contact Forms by MailMunch (WordPress plugin)

CVSS 6.5 · AI score 6.7 · EPSS 0.00317
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/12 11:20 p.m. · 21 views

CVE-2024-22137 WordPress Constant Contact Forms by MailMunch Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

CVSS 6.5 · AI score 6.6 · EPSS 0.00317
Exploits: 0 · References: 1

WPVulnDB
added 2024/01/12 12:00 a.m. · 9 views

Constant Contact Forms < 2.4.3 - Information Disclosure via Log Files

Description: The Constant Contact Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to extract sensitive data from log files...

CVSS 7.5 · AI score 6.7 · EPSS 0.00443
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/01/11 9:15 a.m. · 2 views

CVE-2023-6220

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 · AI score 7.9 · EPSS 0.01403
Exploits: 0 · References: 2

NVD
added 2024/01/11 9:15 a.m. · 23 views

CVE-2023-6220

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 · AI score 8.9 · EPSS 0.01403
Exploits: 0 · References: 3

Prion
added 2024/01/11 9:15 a.m. · 18 views

Input validation

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 7.5 · AI score 8.2 · EPSS 0.01403
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/01/11 8:32 a.m. · 6 views

CVE-2023-6220 Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 8.1 · AI score 7.9 · EPSS 0.01403
Exploits: 0 · References: 3

CVE
added 2024/01/11 8:32 a.m. · 84 views

CVE-2023-6220

CVE-2023-6220 concerns the Piotnet Forms WordPress plugin (versions up to and including 1.0.26). The vulnerability arises from insufficient file type validation in the function piotnetforms_ajax_form_builder, allowing unauthenticated attackers to upload arbitrary files to the server, with potenti...

CVSS 9.8 · AI score 7.9 · EPSS 0.01403
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/01/11 8:32 a.m. · 30 views

CVE-2023-6220 Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 8.1 · AI score 10 · EPSS 0.01403
Exploits: 0 · References: 3

CNNVD
added 2024/01/11 12:00 a.m. · 3 views

WordPress Plugin Piotnet Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 6.9 · EPSS 0.01403
Exploits: 0 · References: 3