Local File Inclusion

Winter CMS is vulnerable to Local File Inclusion. The vulnerability is due to improper user input validation within the ColorPicker FormWidget. This issue can be exploited by an attacker with access to the backend forms by including a malicious custom stylesheets via LESS in the ColorPicker...

PT-2023-31705 · Zoho · Zoho Forms Form Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Zoho Forms Form plugin for WordPress versions through 3.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS, which affects the Zoho...

WordPress Plugin Piotnet Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress Plugin Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms Input Validation Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Integration for...

WordPress Plugin Block IPs for Gravity Forms Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

PT-2023-23151 · Unknown +2 · Contact Form 7 +4

Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms versions 1.2.8 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...

PT-2023-31789 · Unknown · Bright Plugins Block Ips For Gravity Forms

Name of the Vulnerable Software and Affected Versions: Bright Plugins Block IPs for Gravity Forms versions 1.0.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed. This can be exploited by tricking a user into...

CVE-2023-50838

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

CVE-2023-50838

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

CVE-2023-50838 WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5...

CVE-2023-50838

CVE-2023-50838 corresponds to an SQL Injection vulnerability in NEX-Forms – Ultimate Form Builder for WordPress. The issue affects the NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin, up to version 8.5.5. According to sources, this was an authenticated issue requiring at le...

CVE-2023-50846

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration,...

CVE-2023-50846

Mode C: CVE-2023-50846 affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (WordPress). The issue is an SQL Injection in RegistrationMagic up to version 5.2.4.5 caused by improper neutralization of user-controlled input. Impact is significant (high), ...

CVE-2023-50836

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28...

CVE-2023-50836

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28...

CVE-2023-50836 WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28...

CVE-2023-50836

CVE-2023-50836 affects WordPress HTML Forms Plugin versions up to 1.3.28 (and ≤1.3.29 per PatchStack) with a Stored Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The issue is tied to the ibericode HTML Forms integration in the plugin,...

CVE-2023-50836 WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a through 1.3.28...