8173 matches found
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
CVE-2023-5134
CVE-2023-5134 affects the WordPress plugin “Easy Registration Forms”. The vulnerability stems from insufficient access controls on the shortcodes, specifically the erforms_user_meta shortcode. Versions up to and including 2.1.1 are susceptible. With subscriber-level capabilities or higher, an aut...
CVE-2023-5134 Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
WordPress plugin Easy Registration Forms Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
PT-2023-31786 · WordPress · Easy Registration Forms
Name of the Vulnerable Software and Affected Versions: Easy Registration Forms for WordPress versions up to, and including, 2.1.1 Description: The issue allows authenticated attackers with subscriber-level capabilities or above to retrieve arbitrary sensitive user meta via the erforms user meta...
Everest Forms Plugin for WordPress < 1.8.0 Reflected Cross-Site Scripting
The WordPress Everest Forms Plugin installed on the remote host does not sanitize user supplied input in the status parameter before outputting it, leading to a Reflected Cross-Site Scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the...
Description of the security update for SharePoint Server Subscription Edition: September 12, 2023 (KB5002474)
Description of the security update for SharePoint Server Subscription Edition: September 12, 2023 KB5002474 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...
CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...
WordPress plugin Appointment booking addon for Gravity Forms Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Ninja Forms Contact Form Plugin < 3.6.26 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ninjaforms:contactform"; ifdescription...
CVE-2023-4109
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...
CVE-2023-4109
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...
Design/Logic Flaw
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...
CVE-2023-4109 Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...
CVE-2023-4109 Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...
CVE-2023-4109
CVE-2023-4109 affects the WordPress plugin Ninja Forms Contact Form (Ninja Forms) prior to 3.6.26. The vulnerability is described as a HTML Injection issue. Public details list an attack vector of network, with no availability impact, and low confidentiality and integrity impact (C:L, I:L, A:N). ...
WordPress plugin Ninja Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-27779 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form WordPress plugin versions prior to 3.6.26 Description: The issue is related to a HTML Injection security vulnerability. Recommendations: For versions prior to 3.6.26, update to version 3.6.26 or later to resolve the...