Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Store the script in...

WordPress HTML Forms Plugin <= 1.3.29 is vulnerable to Cross Site Scripting (XSS)

Software HTML Forms Type Plugin Vulnerable versions = 1.3.29 Fixed in 1.3.30 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50836 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 00ea95b31058 Credits Huynh Tien Si Required privilege...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50838 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3121cd44ed44 Credits Khalid Yusuf Required privilege...

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...

The vulnerability of the CRM Perks Forms plugin of the WordPress content management system allows a hacker to execute XSS attacks.

The vulnerability of the CRM Perks Forms plugin of the WordPress content management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

CVE-2023-30872

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

CVE-2023-30872

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

CVE-2023-30872 WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

CVE-2023-30872 WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2...

CVE-2023-30872

CVE-2023-30872 : The WordPress plugin BSK Forms Blacklist (versions

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...

CVE-2023-28782

Described vulnerability CVE-2023-28782 affects Gravity Forms WordPress plugin versions

WordPress Plugin Gravity Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVE-2023-37982

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...

CVE-2023-37982

CVE-2023-37982 involves an Open Redirect in the WordPress plugin Integrations for Contact Form 7 and Salesforce (CF7-Salesforce) up to version 1.3.3. The root cause is URL redirection to untrusted sites. A fixed version, 1.3.4, is available. Patch/mitigation: upgrade the plugin to 1.3.4 or later ...

CVE-2023-37982 WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...