8173 matches found

Patchstack (added 2023/10/16)

WordPress WooCommerce Ninja Forms Product Add-ons Plugin <= 1.7.0 is vulnerable to Arbitrary File Upload

Software: WooCommerce Ninja Forms Product Add-ons. Type: Plugin. Vulnerable versions: <= 1.7.0. Fixed in: 1.7.1. OWASP Top 10: A1: Injection. Classification: Arbitrary File Upload. CVE: CVE-2023-5601. Patch priority: High. CVSS severity: High (10). PSID: 2bbb91735283. Credits: Alexander Concha...

CVSS 9.8 | AI score 6.8 | EPSS 0.00877
Exploits: 2 | References: 2 | Affected software: 1
WPVulnDB (added 2023/10/16)

WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload

Description: The plugin does not validate the file to be uploaded, allowing any unauthenticated user to upload arbitrary files to the server, leading to RCE. PoC: Make sure to have both WooCommerce and Ninja Forms 3.4.34.2 (NF's latest version on the 3.4 branch) installed, then follow those...

CVSS 9.8 | AI score 9.8 | EPSS 0.00877
Exploits: 2 | Affected software: 1
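The two entries above describe the unauthenticated arbitrary file upload class (no authentication, no file validation, upload directory serves PHP). The PHP below is an added illustration of that class and its fix for a hypothetical WordPress plugin; it is not code from the WooCommerce Ninja Forms Product Add-ons plugin or from the advisories, and every function, hook and option name in it is an assumption.

```php
<?php
// Added example: a vulnerable AJAX upload handler beside its hardened form.
// Not the plugin's code; all names (example_*, the 'product-addons' folder) are assumed.

// Vulnerable pattern: reachable via the nopriv hook without a login, no nonce,
// no type check. A POST of shell.php lands in a web-served directory.
function example_vulnerable_upload() {
    $dest = wp_upload_dir()['basedir'] . '/product-addons/' . basename( $_FILES['file']['name'] );
    move_uploaded_file( $_FILES['file']['tmp_name'], $dest ); // .php upload becomes a webshell
    wp_send_json_success( array( 'file' => $dest ) );
}
add_action( 'wp_ajax_nopriv_example_upload', 'example_vulnerable_upload' );
add_action( 'wp_ajax_example_upload', 'example_vulnerable_upload' );

// Hardened pattern: intent (nonce), authorisation, allow-listed type verified against
// file content, size cap, and core's own upload routine for the move.
function example_hardened_upload() {
    // 1. The request must carry a nonce issued to this visitor's session.
    check_ajax_referer( 'example_upload', 'nonce' );

    // 2. Anonymous visitors do not upload. If the feature truly needs guest uploads,
    //    gate them with a signed per-cart token instead of an open nopriv hook.
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['file'] ) || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 3. Allow-list: extension AND sniffed MIME must agree with one entry.
    //    wp_check_filetype_and_ext() returns empty ext/type on any mismatch.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf' );
    $check   = wp_check_filetype_and_ext( $_FILES['file']['tmp_name'], $_FILES['file']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'disallowed file type', 415 );
    }

    // 4. Size cap, then let core move the file (it re-checks mimes and makes the name unique).
    if ( $_FILES['file']['size'] > 5 * MB_IN_BYTES ) {
        wp_send_json_error( 'too large', 413 );
    }
    $moved = wp_handle_upload( $_FILES['file'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( $moved['error'], 400 );
    }
    wp_send_json_success( array( 'url' => esc_url_raw( $moved['url'] ) ) );
}
add_action( 'wp_ajax_example_upload_safe', 'example_hardened_upload' );
```

Two points a reviewer would check beyond the handler itself: the upload directory should not execute scripts at all (an `.htaccess` or nginx `location` rule that refuses to run `.php`, `.phtml`, `.phar` under `wp-content/uploads` turns a missed check into a harmless file), and the same handler must not also be registered on a `nopriv` hook "for convenience", which is the single line that made the original class unauthenticated.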
wpexploit (added 2023/10/16)

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape its label fields, which could allow high-privilege users such as admins to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc.; however the...

CVSS 4.8 | AI score 5.6 | EPSS 0.0062
Exploits: 2 | References: 1
Patchstack (added 2023/10/12)

WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: MailChimp Forms by MailMunch. Type: Plugin. Vulnerable versions: <= 3.1.4. Fixed in: 3.1.5. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-45748. Patch priority: Low. CVSS severity: Low (4.3). PSID: b4559bd74066. Credits: Abdi...

CVSS 8.8 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected software: 1
WPVulnDB (added 2023/10/12)

Slick Contact Forms <= 1.3.7 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.4 | AI score 5.6 | EPSS 0.00345
Exploits: 0 | References: 1
OSV (added 2023/10/11)

CVE-2023-44997

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions...

CVSS 8.8 | AI score 7.3
Exploits: 0 | References: 1
NVD (added 2023/10/11)

CVE-2023-44997

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions...

CVSS 8.8 | AI score 6.5 | EPSS 0.00208
Exploits: 0 | References: 1
Prion (added 2023/10/11)

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions...

CVSS 6.8 | AI score 8.8 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected software: 1
Cvelist (added 2023/10/11)

CVE-2023-44997 WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions...

CVSS 5.4 | AI score 9 | EPSS 0.00208
Exploits: 0 | References: 1
CVE (added 2023/10/11)

CVE-2023-44997

Summary (CVE-2023-44997): A CSRF vulnerability exists in the WordPress plugin WP Forms Puzzle Captcha, affected versions

CVSS 8.8 | AI score 7 | EPSS 0.00208
Exploits: 0 | References: 1 | Affected software: 1
Patchstack (added 2023/10/11)

WordPress Campaign Monitor Forms Plugin < 2.5.6 is vulnerable to Broken Access Control

Software: Campaign Monitor Forms. Type: Plugin. Vulnerable versions: < 2.5.6. Fixed in: 2.5.6. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2023-5098. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 224fc6fd923e. Credits: Francesco Marano...

CVSS 8.1 | AI score 6.4 | EPSS 0.0058
Exploits: 2 | References: 4 | Affected software: 1
CNNVD (added 2023/10/11)

WordPress plugin WP Forms Puzzle Captcha Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8 | AI score 6.7 | EPSS 0.00208
Exploits: 0 | References: 2
WPVulnDB (added 2023/10/11)

WP Forms Puzzle Captcha <= 4.1 - CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...

CVSS 8.8 | AI score 6.5 | EPSS 0.00208
Exploits: 0
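The WP Forms Puzzle Captcha entries above all describe the same class: a state-changing admin action with no CSRF check. The PHP below is an added illustration of that class and its WordPress fix for a hypothetical settings page; it is not the plugin's code, and the hook names, option name and nonce action are assumptions.

```php
<?php
// Added example: an admin-post settings handler without and with CSRF protection.
// Not the plugin's code; example_* names and the option key are assumed.

// Vulnerable: any request to admin-post.php?action=example_save_settings sent by an
// administrator's browser is honoured, including a form auto-submitted from an
// attacker-controlled page while the admin is logged in.
function example_vulnerable_save_settings() {
    update_option( 'example_captcha_secret', wp_unslash( $_POST['secret'] ?? '' ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_vulnerable_save_settings' );

// Hardened: the form embeds a nonce bound to this user and this action, and the
// handler verifies both the nonce and the capability. Each check covers a different
// failure: the nonce alone would still let a subscriber post to the endpoint, and the
// capability alone does nothing against a request the admin's browser was tricked into sending.
function example_render_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save_settings_safe">';
    wp_nonce_field( 'example_save_settings', '_example_nonce' );
    echo '<input type="text" name="secret" value="'
        . esc_attr( get_option( 'example_captcha_secret', '' ) ) . '">';
    submit_button();
    echo '</form>';
}

function example_hardened_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $nonce = isset( $_POST['_example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_settings' ) ) {
        wp_die( 'Nonce check failed', '', array( 'response' => 403 ) );
    }
    // Sanitise before storing; the value is later echoed back into the form.
    $secret = sanitize_text_field( wp_unslash( $_POST['secret'] ?? '' ) );
    update_option( 'example_captcha_secret', $secret );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=example' ) ) );
    exit;
}
add_action( 'admin_post_example_save_settings_safe', 'example_hardened_save_settings' );
```

`check_admin_referer( 'example_save_settings', '_example_nonce' )` collapses the nonce lookup and verification into one call that dies on failure; the expanded form is shown so the two checks are visible. WordPress nonces are tied to the user and rotate every 12 to 24 hours, so they are an anti-CSRF token, not a replacement for the capability test.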
Veracode (added 2023/10/10)

Cross Site Scripting (XSS)

ConcreteCMS is vulnerable to Cross Site Scripting. The vulnerability is due to injecting a crafted script into the Forms of the Data objects. The attacker can exploit this vulnerability by injecting malicious JavaScript on the client side...

CVSS 5.4 | AI score 7 | EPSS 0.00542
Exploits: 1 | References: 4 | Affected software: 1
OSV (added 2023/10/10)

CVE-2023-5468

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 5.4 | AI score 7
Exploits: 0 | References: 2
NVD (added 2023/10/10)

CVE-2023-5468

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 6.4 | AI score 5.7 | EPSS 0.00345
Exploits: 0 | References: 2
Prion (added 2023/10/10)

Cross site scripting

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 4.9 | AI score 5.2 | EPSS 0.00345
Exploits: 0 | References: 2 | Affected software: 1
CVE (added 2023/10/10)

CVE-2023-5468

Slick Contact Forms (WordPress) is vulnerable to Stored XSS via the dcscf-link shortcode in versions up to 1.3.7 due to insufficient input sanitization and output escaping. Exploitation requires attacker with contributor-level or higher permissions, and the vulnerability can cause arbitrary scrip...

CVSS 6.4 | AI score 5.2 | EPSS 0.00345
Exploits: 0 | References: 2 | Affected software: 1
Vulnrichment (added 2023/10/10)

CVE-2023-5468 Slick Contact Forms <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 6.4 | AI score 6.8 | EPSS 0.00345
Exploits: 0 | References: 2
Patchstack (added 2023/10/10)

WordPress Slick Contact Forms Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Software: Slick Contact Forms. Type: Plugin. Vulnerable versions: <= 1.3.7. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-5468. Patch priority: Low. CVSS severity: Low (6.5). PSID: 36132094a3c2. Credits: Lana Codes. Required...

CVSS 6.4 | AI score 5.7 | EPSS 0.00345
Exploits: 0 | References: 2 | Affected software: 1
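The Slick Contact Forms entries (both the earlier WPVulnDB entry and the CVE-2023-5468 records above) describe the contributor-level stored XSS class in which shortcode attributes are written back into page HTML without escaping. The PHP below is an added illustration of that class and its fix for a hypothetical link shortcode; it is not the plugin's code, and the shortcode name, attribute names and class allow-list are assumptions.

```php
<?php
// Added example: a shortcode that interpolates attributes unescaped, beside the
// per-context escaped version. Not the plugin's code; example_link* names are assumed.

// Vulnerable: attributes go straight into HTML. A contributor can save
//   [example_link url="javascript:alert(1)" title="x" class='" onmouseover="alert(1)']
// in a draft; anyone who previews or views the rendered post runs the script.
function example_vulnerable_link_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'url' => '#', 'title' => '', 'class' => 'btn' ), $atts, 'example_link' );
    return '<a href="' . $atts['url'] . '" class="' . $atts['class'] . '">' . $atts['title'] . '</a>';
}
add_shortcode( 'example_link', 'example_vulnerable_link_shortcode' );

// Hardened: escape for the context each value lands in, and validate (rather than
// escape) values that must be one of a few known tokens.
//   esc_url()  rejects javascript:/data: and other disallowed schemes (returns '').
//   esc_attr() neutralises quote break-outs inside an attribute value.
//   esc_html() handles the text node between the tags.
function example_hardened_link_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'url' => '#', 'title' => '', 'class' => 'btn' ), $atts, 'example_link_safe' );

    $url = esc_url( $atts['url'] );
    if ( '' === $url ) {
        $url = '#'; // disallowed scheme: fall back rather than emit an empty href
    }
    $class = in_array( $atts['class'], array( 'btn', 'btn-outline' ), true ) ? $atts['class'] : 'btn';

    return sprintf(
        '<a href="%s" class="%s">%s</a>',
        $url,
        esc_attr( $class ),
        esc_html( $atts['title'] )
    );
}
add_shortcode( 'example_link_safe', 'example_hardened_link_shortcode' );
```

The reason this class is rated at the contributor level is that contributors lack `unfiltered_html`, so the shortcode is their only route to script in a post; the Ninja Forms label-field entry earlier on this page is the lower-severity variant, where the only users who can plant the payload already hold `unfiltered_html` and could inject script directly. Escaping at output, as here, also covers values that were stored before a sanitisation fix shipped.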