VulnCheck KEV: CVE-2023-0552
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability...
Contact Form for Plugin by Fluent Forms < 5.0.9 - Insecure Direct Object Reference
Description The Contact Form for Plugin by Fluent Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 5.0.8 via the addIsRenderableFilter function due to missing validation on the publication status of a form. This makes it possible for...
Contact Form builder with drag & drop - Kali Forms < 2.3.29 - Missing Authorization via get_log
Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_log function in versions up to, and including, 2.3.28. This makes it possible for authenticated attackers, with subscriber-level...
Contact Form builder with drag & drop - Kali Forms < 2.3.28 - Missing Authorization via Contact Form
Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the runformprocesschecks function in versions up to, and including, 2.3.27. This makes it possible for unauthenticated attackers to...
Quill Forms < 3.4.0 - Cross-Site Request Forgery
Description The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.0. This is due to missing or...
Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email
Description The Flo Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flo_send_test_email function in versions up to, and including, 1.0.41. This makes it possible for authenticated attackers, with subscriber-level access and above...
Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect
Description The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation of a redirect URL. This makes it possible for unauthenticated...
WP User Frontend < 3.6.9 - Missing Authorization via AJAX actions
Description The WP User Frontend plugin for WordPress is vulnerable to unauthorized functionality use due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with...
CVE-2023-47816
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.13 versions...
GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets
Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...
WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Bypass Vulnerability
Software: WP Forms Puzzle Captcha. Type: Plugin. Vulnerable versions: <= 4.1. Fixed in: N/A. OWASP Top 10: A4: Insecure Design. Classification: Bypass Vulnerability. CVE: CVE-2023-48276. Patch priority: Low. CVSS severity: Low 5.3. Developer: Claim ownership. PSID: 9254034af79f. Credits: qilin99. Required privilege...
WordPress Plugin Donation Forms by Charitable Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-30626 · Charitable · Charitable Donations & Fundraising Team Donation Forms
Name of the Vulnerable Software and Affected Versions: Charitable Donations & Fundraising Team Donation Forms by Charitable plugin versions <= 1.7.0.13 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting...
WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Forms Puzzle Captcha. Type: Plugin. Vulnerable versions: <= 4.1. Fixed in: N/A. OWASP Top 10: A1: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-48278. Patch priority: Low. CVSS severity: Low 7.1. Developer: Claim ownership. PSID: fe5374d7289c. Credits: qilin99. Require...
Authentication flaw
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
CVE-2023-48701 Statamic CMS vulnerable to Cross-site Scripting via uploaded assets
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
PT-2023-30910 · Unknown · Statamic Cms
Name of the Vulnerable Software and Affected Versions: Statamic CMS versions prior to 3.4.15 and 4.36.0 Description: The issue allows HTML files crafted to look like images to be uploaded, bypassing mime validation. This is applicable on front-end forms using the "Forms" feature with an assets...
Oracle Linux 9 : skopeo (ELSA-2023-6363)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6363 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...