CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8176 matches found

Positive Technologies•added 2024/01/08 12:0 a.m.•3 views

PT-2024-15103 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms plugin for WordPress versions up to, and including, 6.7 Description: The Formidable Forms plugin for WordPress is vulnerable to HTML injection. This issue allows unauthenticated users to inject arbitrary HTML code into form...

6.5CVSS7.1AI score0.00393EPSS

Exploits0References8

CNNVD•added 2024/01/08 12:0 a.m.•3 views

WordPress Plugin Constant Contact Forms Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS6AI score0.00443EPSS

Exploits0References2

Positive Technologies•added 2024/01/08 12:0 a.m.•4 views

PT-2024-15106 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to 6.7 Description: The issue is related to Stored Cross-Site Scripting via the name field label and description...

4.8CVSS5.7AI score0.00316EPSS

Exploits0References6

Positive Technologies•added 2024/01/08 12:0 a.m.•3 views

PT-2024-14474 · Unknown · Constant Contact Forms

Name of the Vulnerable Software and Affected Versions: Constant Contact Forms versions through 2.4.2 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made accessible to individuals who should not have...

7.5CVSS7.6AI score0.00443EPSS

Exploits0References4

NVD•added 2024/01/05 10:15 a.m.•13 views

CVE-2023-52120

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2...

8.8CVSS6.3AI score0.00221EPSS

Exploits0References1

OSV•added 2024/01/05 10:15 a.m.•2 views

CVE-2023-52120

8.8CVSS7.3AI score0.00221EPSS

Exploits0References1

Prion•added 2024/01/05 10:15 a.m.•15 views

Cross site request forgery (csrf)

6.8CVSS7.2AI score0.00221EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/01/05 9:25 a.m.•19 views

CVE-2023-52120 WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

5.4CVSS8.9AI score0.00221EPSS

Exploits0References1

CVE•added 2024/01/05 9:25 a.m.•43 views

CVE-2023-52120

Technical details for CVE-2023-52120 are not provided in the supplied documents. No product/version/impact specifics are available here; monitor for official advisories and updates.

8.8CVSS8.5AI score0.00221EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/01/05 9:25 a.m.•13 views

CVE-2023-52120 WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)

5.4CVSS7AI score0.00221EPSS

Exploits0References1

WPVulnDB•added 2024/01/05 12:0 a.m.•12 views

HTML Forms < 1.3.30 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00336EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/01/05 12:0 a.m.•9 views

WordPress Plugin NEX-Forms Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.5AI score0.00221EPSS

Exploits0References2

WPVulnDB•added 2024/01/05 12:0 a.m.•21 views

Zoho Forms < 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.01076EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/01/05 12:0 a.m.•22 views

NEX-Forms – Ultimate Form Builder < 8.5.5 - Cross-Site Request Forgery

Description The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.6AI score0.00221EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/01/05 12:0 a.m.•18 views

CRM Perks Forms < 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The CRM Perks Forms – WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the label field. This makes it possible for...

5.9CVSS5.8AI score0.00336EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/01/05 12:0 a.m.•3 views

PT-2024-14417 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more versions n/a through 8.5.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into...

8.8CVSS8.8AI score0.00221EPSS

Exploits0References4

WPVulnDB•added 2024/01/05 12:0 a.m.•19 views

Everest Forms < 2.0.5 - Admin+ Stored XSS

5.9CVSS5.9AI score0.00336EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/01/03 12:0 a.m.•10 views

WordPress Keap Official Opt-in Forms Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Keap Official Opt-in Forms Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52192 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 43abbc32aaec Credits Ngô Thiên An ancorn from...

6.5CVSS6.5AI score0.00322EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/01/03 12:0 a.m.•10 views

WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure

Software Constant Contact Forms Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-52208 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 93880a901c0f Credits...

7.5CVSS6.5AI score0.00443EPSS

Exploits0References2Affected Software1

WPVulnDB•added 2024/01/03 12:0 a.m.•18 views

Piotnet Forms < 1.0.30 - Missing Authorization via multiple AJAX actions

Description The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX functions, allowing unauthenticated attackers to save draft posts and download arbitrary JSON files from the server...

9.4AI score0.00295EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by