WordPress plugin Slick Contact Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-32123 · WordPress · Slick Contact Forms
Name of the Vulnerable Software and Affected Versions: Slick Contact Forms plugin for WordPress versions up to, and including, 1.3.7
Description: The issue is related to Stored Cross-Site Scripting via the 'dcscf-link' shortcode due to insufficient input sanitization and output escaping on...
Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
Description: The plugin does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS.
PoC: Once the site gets at least 25 conversions using the plugin, a notice will show up on the...
GHSA-P4JJ-GWPG-9JWH ConcreteCMS Cross-site Scripting vulnerability
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects...
WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.28 is vulnerable to Broken Access Control
Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: <= 2.3.28; Fixed in: 2.3.29; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-45275; Patch priority: Medium; CVSS severity: Medium 6.5; PSID...
PT-2023-29285 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and below; Concrete CMS versions 9.0.0 through 9.2.1
Description: Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS allow a local attacker to execute arbitrary code via a crafted script to the Forms...
PT-2023-13469 · Tcman Gim · Tcman Gim
Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.0.1
Description: The issue concerns the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the "frmGestionStock.aspx" and "frmEditServicio.aspx" files, which could allow an attacker to perform persisten...
WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Forms Puzzle Captcha; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44997; Patch priority: Low; CVSS severity: Low 5.4; PSID: a388bf1f7220; Credits: Rio Darmawan...
CVE-2023-44474
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions...
CVE-2023-44474 WordPress Tiger Forms Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions...
CVE-2023-44474
CVE-2023-44474 concerns the Tiger Forms – Drag and Drop Form Builder WordPress plugin. The vulnerability is an unauthenticated, reflected Cross-Site Scripting (XSS) flaw affecting versions ≤ 2.0.0. Root cause details are not explicitly provided beyond the XSS classification, but public sources co...
WordPress Plugin Tiger Forms - Drag and Drop Form Builder Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Tiger Forms < 2.1.0 - Reflected XSS
Description: The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Tiger Forms Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Tiger Forms; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: 2.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-44474; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 5fe0f3839101; Credits: SeungYongLee; Required privilege...
WordPress Easy Registration Forms Plugin <= 2.1.1 is vulnerable to Sensitive Data Exposure
Software: Easy Registration Forms; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-5134; Patch priority: Low; CVSS severity: Low 4.3; PSID: a5bfe7a3054b; Credits: Lana Codes; Required...