8173 matches found
WordPress Flo Forms Plugin <= 1.0.41 is vulnerable to Broken Access Control
Software: Flo Forms; Type: Plugin; Vulnerable versions: <= 1.0.41; Fixed in: 1.0.42; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-47692; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 415778b368e8; Credits: Abdi Pranata; Required...
The vulnerability of the Registration Forms plugin in the WordPress content management system allows a hacker to redirect users to arbitrary websites.
The vulnerability in the Registration Forms plugin for the WordPress content management system is a URL redirection to an untrusted site. Exploiting this vulnerability could allow a malicious actor to redirect users to arbitrary websites...
CVE-2023-23796
Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0...
WordPress Forms for Mailchimp by Optin Cat Plugin <= 2.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Forms for Mailchimp by Optin Cat; Type: Plugin; Vulnerable versions: <= 2.5.4; Fixed in: 2.5.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47545; Patch priority: Medium; CVSS severity: Medium 5.9; PSID: 6854d5e5d188; Credits: DoYeon Park...
WordPress Ninja Forms Plugin < 3.6.34 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Forms; Type: Plugin; Vulnerable versions: < 3.6.34; Fixed in: 3.6.34; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5530; Patch priority: Low; CVSS severity: Low 5.9; PSID: a9b2d204bb4c; Credits: Jonathan Zamora; Required...
WordPress Ninja Forms Contact Form Plugin < 3.6.34 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ninjaforms:contactform"; if(description)...
CVE-2023-5530
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use ...
CVE-2023-5601
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE...
Cross site scripting
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use ...
Default credentials
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE...
CVE-2023-5601
CVE-2023-5601 affects the WooCommerce Ninja Forms Product Add-ons plugin for WordPress (versions
CVE-2023-5601 WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE...
CVE-2023-5530 Ninja Forms < 3.6.34 - Admin+ Stored XSS
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use ...
CVE-2023-5530
CVE-2023-5530 affects the WordPress plugin Ninja Forms Contact Form, version prior to 3.6.34. The issue is that label fields are not sanitized/escaped, potentially allowing Stored XSS by high-privilege users (admin) who have unfiltered_html, a capability they already possess. The vulnerability is...
PT-2023-32156 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form WordPress plugin versions prior to 3.6.34 Description: The issue allows high privilege users, such as admins, to perform Stored XSS attacks due to the lack of sanitization and escaping of its label fields. This can be...
WordPress Plugin WooCommerce Ninja Forms Product Add-ons Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
Rocky Linux 8 : libreoffice (RLSA-2020:4628)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4628 advisory. - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not th...
WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-47230; Patch priority: Low; CVSS severity: Low 5.4; Developer: Cimatti Consulting; PSID: 415f09b860a2; Credits: thiennv...
iframe forms <= 1.0 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize and escape the 'iframe' shortcode. This leads to the possibility of stored Cross-Site Scripting where arbitrary web scripts can be injected into pages...
Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”
Online video games often make use of in-game virtual currency and give players the ability to purchase, trade or sell items. While these features are often selling points for players and potential revenue streams for the companies that make them, they also inevitably draw bad actors and scams. On...