8173 matches found
Sql injection
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-37979 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 584a630933ad Credits Rafie Muhammad...
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Broken Access Control
Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38386 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6638721a79c1 Credits Rafie Muhammad Patchstack...
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Broken Access Control
Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38393 Patch priority High CVSS severity High 7.6 Developer Claim ownership PSID 44e08fdf7aed Credits Rafie Muhammad Patchstack...
WordPress Advanced Custom Fields Frontend Forms Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Custom Fields Frontend Forms Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e7bf47e904be Credits Rafie Muhammad...
WordPress WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms Plugin <= 1.6.4 is vulnerable to Cross Site Scripting (XSS)
Software WPEForm Lite – Drag and Drop Live Form Builder for Contact, Payment & Quiz Forms Type Plugin Vulnerable versions = 1.6.4 Fixed in 1.6.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownersh...
WordPress Contact Form By Mega Forms – Drag and Drop Form Builder Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form By Mega Forms – Drag and Drop Form Builder Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 5d66bb9d8b9f...
WordPress Search Field for Gravity Forms Plugin <= 0.5 is vulnerable to Cross Site Scripting (XSS)
Software Search Field for Gravity Forms Type Plugin Vulnerable versions = 0.5 Fixed in 0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 043a13d5d567 Credits Rafie Muhammad Patchstack...
WordPress WordPress Form Builder Plugin – Gutenberg Forms Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Form Builder Plugin – Gutenberg Forms Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 994f2f3ecc26 Credits Rafi...
WordPress Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss Plugin <= 1.4.10 is vulnerable to Cross Site Scripting (XSS)
Software Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Cla...
WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Gravity Forms Improvements Type Plugin Vulnerable versions = 20170425 Fixed in 201805021810 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 477dcd7d6435 Credits...
WordPress Caldera Forms Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)
Software Caldera Forms Type Plugin Vulnerable versions = 1.7.4 Fixed in 1.7.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 9b20838a06d8 Credits Rafie Muhammad Patchstack Required...
WordPress SV Forms Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)
Software SV Forms Type Plugin Vulnerable versions = 1.9.00 Fixed in 2.0.02 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3d5feaf66d74 Credits Rafie Muhammad Patchstack Required...
WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)
Software Form Vibes – Database Manager for Forms Type Plugin Vulnerable versions = 1.4.8 Fixed in 1.4.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer WPVibes PSID cd425a15435a Credits Rafie Muhammad...
WordPress Forms to Sendinblue Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Forms to Sendinblue Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 455e2c223c64 Credits Rafie Muhammad Patchstack...
WordPress Contact Form 7 Multi-Step Forms Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 Multi-Step Forms Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4442b3e885b0 Credits Rafie Muhammad...
WordPress Elementor Forms Google Sheet Connector Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Forms Google Sheet Connector Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 998b2d169caf Credits Rafie...
WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin < 6.2 is vulnerable to Cross Site Scripting (XSS)
Software Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Type Plugin Vulnerable versions 6.2 Fixed in 6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer...
WordPress WP Tools Gravity Forms Divi Module Plugin < 7.1.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Tools Gravity Forms Divi Module Type Plugin Vulnerable versions 7.1.0 Fixed in 7.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 864bb6f8df63 Credits Rafie Muhammad...
WordPress Gravity Forms Sticky List Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)
Software Gravity Forms Sticky List Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 70cee7cd7d21 Credits Rafie Muhammad Patchstac...