BazaCall Phishing Scammers Now Leveraging Google Forms for Deception

The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a...

Jenkins PaaSLane Estimate Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Umbraco Cross-Site Scripting Vulnerability

Umbraco is an open source Content Management System CMS written in C by the Danish company Umbraco. Umbraco suffers from a cross-site scripting vulnerability that originates from a user with access to specific parts of the backend being able to inject HTML code into unwanted forms...

PT-2023-7898 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...

Optin Forms <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Optin Forms – Simple List Building Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

Smart Forms < 2.6.85 - Subscriber+ Arbitrary Options Update

Description The plugin does not have authorisation in an AJAX action hooked to smartformssavesettings, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary options such as defaultrole and...

Piotnet Forms < 1.0.29 - Unauthenticated Arbitrary File Upload

Description The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary file...

CVE-2023-35909

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...

CVE-2023-47779

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

CVE-2023-35909

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...

CVE-2023-47779

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

Denial of service

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25...

CVE-2023-47779

CVE-2023-47779 describes an Open Redirect in the WordPress plugin Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms (up to version 1.1.4). Root cause is unvalidated redirect URL handling, enabling unauthenticated attackers to redirect users to a malicious site. ...

CVE-2023-47779 WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

CVE-2023-35909

CVE-2023-35909 affects the Ninja Forms Contact Form (Ninja Forms) WordPress plugin, specifically versions up to 3.6.25. It is an Uncontrolled Resource Consumption vulnerability that can cause a Denial of Service (DoS) and is exploitable without authentication via large form submissions. CVSS v3.1...

WordPress Smart Forms Plugin <= 2.6.84 is vulnerable to Broken Access Control

Software Smart Forms Type Plugin Vulnerable versions = 2.6.84 Fixed in 2.6.85 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49856 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 636ea1edcfea Credits Abdi Pranata Required privile...

WordPress Plugin Ninja Forms Contact Form Resource Management Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Optin Forms Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Optin Forms Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49841 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 11e6af66fb2d Credits DoYeon Park p6rkdoye0n Required privilege...

CVE-2023-48278

Cross-Site Request Forgery CSRF vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...