8173 matches found

BDU FSTEC
added 2023/11/01 12:0 a.m. · 6 views

The vulnerability of the Ninja Forms Contact Form plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the Ninja Forms Contact Form plugin of the WordPress content management system is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVSS 6.4 · AI score 6.6 · EPSS 0.00925
Exploits: 2 · References: 2 · Affected Software: 1
OSV
added 2023/10/31 3:15 p.m. · 2 views

CVE-2023-31212

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection. This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 1
OSV
added 2023/10/31 3:15 p.m. · 1 views

CVE-2023-24410

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection. This issue affects Contact Form Plugin –...

CVSS 9.8 · AI score 7.3 · EPSS 0.00585
Exploits: 0 · References: 1
NVD
added 2023/10/31 3:15 p.m. · 8 views

CVE-2023-31212

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection. This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...

CVSS 9.8 · AI score 9.9 · EPSS 0.00743
Exploits: 0 · References: 1
Prion
added 2023/10/31 3:15 p.m. · 18 views

SQL injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection. This issue affects Contact Form Plugin –...

CVSS 7.5 · AI score 9.8 · EPSS 0.00585
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2023/10/31 3:15 p.m. · 28 views

SQL injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection. This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...

CVSS 7.5 · AI score 9.8 · EPSS 0.00743
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/10/31 2:25 p.m. · 108 views

CVE-2023-24410

CVE-2023-24410: WordPress plugin FluentForm (Contact Form Plugin – Fastest Contact Form Builder)

CVSS 9.8 · AI score 8.9 · EPSS 0.00585
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/10/31 2:15 p.m. · 3 views

CVE-2023-5098

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...

CVSS 8.1 · AI score 7.2 · EPSS 0.0058
Exploits: 2 · References: 1
Prion
added 2023/10/31 2:15 p.m. · 13 views

Design/Logic Flaw

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...

CVSS 5.5 · AI score 7.9 · EPSS 0.0058
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2023/10/31 2:4 p.m. · 71 views

CVE-2023-31212

CVE-2023-31212 is a SQL Injection vulnerability affecting the WordPress plugin Contact Form Entries (and related variants) up to version 1.3.0. The issue arises from improper neutralization of inputs used in an SQL command, enabling injection under the plugin’s Authorized Contributor workflow. Pu...

CVSS 9.8 · AI score 8.9 · EPSS 0.00743
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/10/31 1:54 p.m. · 50 views

CVE-2023-5098

CVE-2023-5098: Campaign Monitor Forms by Optin Cat for WordPress (pre-2.5.6) allows a Subscriber+ level attacker to overwrite arbitrary WordPress options by calling an AJAX action (fca_eoi_dismiss) with the value true, enabling a denial-of-service style attack. Root cause is broken access control...

CVSS 8.1 · AI score 8 · EPSS 0.0058
Exploits: 2 · References: 1 · Affected Software: 1
OSV
added 2023/10/31 12:15 p.m. · 3 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 5.4 · AI score 7 · EPSS 0.00403
Exploits: 1 · References: 2
NVD
added 2023/10/31 12:15 p.m. · 26 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 6.4 · AI score 5.7 · EPSS 0.00403
Exploits: 1 · References: 2
CVE
added 2023/10/31 11:29 a.m. · 58 views

CVE-2023-5073

CVE-2023-5073 concerns the WordPress plugin “iframe forms.” The vulnerability is a Stored Cross‑Site Scripting (XSS) via the iframe shortcode in versions up to and including 1.0, caused by insufficient input sanitization and output escaping. An attacker with Contributor level or higher authentica...

CVSS 6.4 · AI score 5.3 · EPSS 0.00403
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/10/31 12:0 a.m. · 4 views

PT-2023-23234 · Wpforms +1 · Wpforms +2

Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms versions 1.3.0 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...

CVSS 9.8 · AI score 9.8 · EPSS 0.00743
Exploits: 0 · References: 6
CNNVD
added 2023/10/31 12:0 a.m. · 4 views

WordPress Plugin iframe forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 · AI score 5.9 · EPSS 0.00403
Exploits: 1 · References: 3
CNNVD
added 2023/10/31 12:0 a.m. · 3 views

WordPress Plugin Campaign Monitor Forms by Optin Cat Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 8.1 · AI score 6.6 · EPSS 0.0058
Exploits: 2 · References: 2
WPVulnDB
added 2023/10/31 12:0 a.m. · 10 views

Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: The "Translations" settings of the...

CVSS 4.8 · AI score 4.7 · EPSS 0.00418
Exploits: 1
CNNVD
added 2023/10/31 12:0 a.m. · 2 views

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Database for Contact Form ...

CVSS 9.8 · AI score 7.2 · EPSS 0.00743
Exploits: 0 · References: 2
wpexploit
added 2023/10/31 12:0 a.m. · 140 views

Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The "Translations" settings of the...

CVSS 4.8 · AI score 4.8 · EPSS 0.00418
Exploits: 1