8173 matches found
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-4404
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...
WordPress Plugin Donation Forms by Charitable 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Donation Forms by Charitable < 1.7.0.13 - Unauthenticated Privilege Escalation
Description The plugin does not validate parameters supplied to the updatecoreuser function, which could allow users to register an account with any role such as administrator when registering via the registration form of the plugin ie the charitableregistration shortcode embed in a page/post...
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin PoC 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within...
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within Gravity...
WordPress Caldera Forms Plugin < 1.9.5 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:calderaforms:calderaforms"; ifdescription...
WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Broken Access Control
Software MailChimp Forms by MailMunch Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-40203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1430c7736a5b Credits István Márton...
CVE-2023-23900 WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...
CVE-2023-23900
CVE-2023-23900 — WordPress plugin YIKES, Easy Forms for Mailchimp : An unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability affects the plugin versions
CVE-2023-23900 WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin = 6.8.8 versions...
WordPress plugin Easy Forms for Mailchimp Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
wger Workout Manager Cross-Site Request Forgery vulnerability
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
Ninja Forms Plugin for WordPress < 3.6.26 Multiple Vulnerabilities
The WordPress Ninja Forms Plugin installed on the remote host is affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...
Ninja Forms < 3.6.26 - Admin+ Stored HTML Injection
Description The plugin does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored HTML injection. Only users with the unfilteredhtml capability can perform this, and such users are already allowed to use JS in posts/comments etc however t...
Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms
CVE-2023-37979 Unauth. Reflected Cross-Site...
WordPress Ninja Forms 3.6.25 Plugin - Reflected XSS Exploit
Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Authenticated Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt Exploit Author: Mehran Seifalinia Vendor Homepage: https://ninjaforms.com/ Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip...
WordPress Ninja Forms 3.6.25 Cross Site Scripting
Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Authenticated Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt Date: 2023-07-27 Exploit Author: Mehran Seifalinia Vendor Homepage: https://ninjaforms.com/ Software Link:...