Lucene search

8175 matches found

Prion
added 2023/11/30 5:15 p.m. · 18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...

CVSS 5.8 · AI score 7 · EPSS 0.00207
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/11/30 4:15 p.m. · 3 views

CVE-2023-45609

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS. This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...

CVSS 5.4 · AI score 7.3 · EPSS 0.00377
Exploits: 0 · References: 1
CVE
added 2023/11/30 4:8 p.m. · 72 views

CVE-2023-48278

CVE-2023-48278 affects the WP Forms Puzzle Captcha WordPress plugin (versions 4.1 when available; if not yet patched, consider disabling the plugin until a patch is released.

CVSS 7.1 · AI score 7 · EPSS 0.00207
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/11/30 2:15 p.m. · 2 views

CVE-2023-47645

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...

CVSS 8.8 · AI score 7.3
Exploits: 0 · References: 1
Prion
added 2023/11/30 2:15 p.m. · 17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...

CVSS 6.8 · AI score 7.2 · EPSS 0.00261
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/11/30 1:34 p.m. · 78 views

CVE-2023-47645

CVE-2023-47645 concerns the RegistrationMagic WordPress plugin. A CSRF vulnerability affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with exposure noted for versions n/a through 5.2.2.6. Public references document the vulnerability and list a pat...

CVSS 8.8 · AI score 8.4 · EPSS 0.00261
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/11/30 9:30 a.m. · 19 views

GHSA-2C7X-W3MX-H7P6 Microweber file upload vulnerability

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...

CVSS 8.8 · AI score 8.8 · EPSS 0.02434
Exploits: 1 · References: 4
Github Security Blog
added 2023/11/30 9:30 a.m. · 23 views

Microweber file upload vulnerability

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...

CVSS 8.8 · AI score 8 · EPSS 0.02434
Exploits: 1 · References: 4 · Affected Software: 1
ATTACKERKB
added 2023/11/30 7:15 a.m. · 2 views

CVE-2023-49052

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...

CVSS 8.8 · AI score 6.1 · EPSS 0.02434
Exploits: 1 · References: 3
NVD
added 2023/11/30 7:15 a.m. · 23 views

CVE-2023-49052

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...

CVSS 8.8 · EPSS 0.02434
Exploits: 1 · References: 2
Prion
added 2023/11/30 7:15 a.m. · 19 views

Unrestricted file upload

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component...

CVSS 6.8 · AI score 8 · EPSS 0.02434
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/11/30 12:0 a.m. · 3 views

Microweber security vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A file upload vulnerability exists in Microweber version v.2.0.4, which stems from the...

CVSS 8.8 · AI score 7.8 · EPSS 0.02434
Exploits: 1 · References: 2
Positive Technologies
added 2023/11/30 12:0 a.m. · 2 views

PT-2023-30753 · Nitin Rathod · Wp Forms Puzzle Captcha

Name of the Vulnerable Software and Affected Versions: WP Forms Puzzle Captcha versions n/a through 4.1. Description: A Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. Recommendations: For WP Forms Puzzle Captcha versions n/a through 4.1,...

CVSS 7.1 · AI score 6.8 · EPSS 0.00207
Exploits: 0 · References: 6
Patchstack
added 2023/11/29 12:0 a.m. · 7 views

WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Forms by CaptainForm · Type: Plugin · Vulnerable versions: <= 2.5.3 · Fixed in: 2.5.4 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-49170 · Patch priority: Medium · CVSS severity: Medium (7.1) · PSID: 40df54b84291 · Credits: Khalid Yusuf · Required...

CVSS 7.1 · AI score 6.5 · EPSS 0.00403
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2023/11/29 12:0 a.m. · 11 views

WordPress BSK Forms Blacklist Plugin <= 3.6.3 is vulnerable to Cross Site Scripting (XSS)

Software: BSK Forms Blacklist · Type: Plugin · Vulnerable versions: <= 3.6.3 · Fixed in: 3.7 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-5980 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 330a6bb4d39e · Credits: Bob Matyas · Required...

CVSS 4.8 · AI score 5.7 · EPSS 0.00379
Exploits: 2 · References: 3 · Affected Software: 1
WPVulnDB
added 2023/11/29 12:0 a.m. · 22 views

WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting

Description: The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this functio...

CVSS 7.1 · AI score 6.3 · EPSS 0.00207
Exploits: 0 · References: 1
Rockylinux
added 2023/11/28 10:43 p.m. · 39 views

dotnet7.0 security update

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

CVSS 9.8 · AI score 7 · EPSS 0.12512
Exploits: 0
wpexploit
added 2023/11/28 12:0 a.m. · 190 views

BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. In the plugin settings ex:...

CVSS 4.8 · AI score 7.3 · EPSS 0.00379
Exploits: 2
WPVulnDB
added 2023/11/28 12:0 a.m. · 19 views

BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. In the plugin settings ex:...

CVSS 4.8 · AI score 7.2 · EPSS 0.00379
Exploits: 2 · Affected Software: 1
Cvelist
added 2023/11/27 4:22 p.m. · 28 views

CVE-2023-2707 Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5 · EPSS 0.00418
Exploits: 1 · References: 1