WordPress Multi Page Auto Advance for Gravity Forms Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Multi Page Auto Advance for Gravity Forms Type Plugin Vulnerable versions = 4.5.3 Fixed in 4.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f780e1038525 Credits Rafie...

WordPress SV Gravity Forms Enhancer Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)

Software SV Gravity Forms Enhancer Type Plugin Vulnerable versions = 1.9.00 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28ef228ef004 Credits Rafie Muhammad Patchsta...

WordPress Any Popup – Popup Forms, Optins & Ads Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Any Popup – Popup Forms, Optins & Ads Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e44a4be7d74c Credits Rafie Muhammad...

WordPress Emails Blacklist for Everest Forms Plugin < 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Emails Blacklist for Everest Forms Type Plugin Vulnerable versions 1.0.4 Fixed in 1.0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ca3c9ef88aae Credits Rafie Muhammad...

WordPress Modern Designs for Gravity Forms Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Modern Designs for Gravity Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4662a347c105 Credits Rafie Muhammad...

WordPress Store Locator Plus® – Gravity Forms Locations Plugin <= 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Store Locator Plus® – Gravity Forms Locations Type Plugin Vulnerable versions = 6.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 896b7ec0dce4 Credits Rafi...

WordPress Custom Registration and Custom Login Forms with New Recaptcha Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Registration and Custom Login Forms with New Recaptcha Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress Smart phone field for Gravity Forms Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software Smart phone field for Gravity Forms Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c510b0a80922 Credits Rafie Muhammad...

WordPress Automizy Gravity Forms Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Automizy Gravity Forms Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b6399e0d3ef8 Credits Rafie Muhammad Patchstack...

WordPress Block Styler For Gravity Forms Plugin < 6.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Block Styler For Gravity Forms Type Plugin Vulnerable versions 6.3.0 Fixed in 6.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cb51772428c4 Credits Rafie Muhammad...

WordPress Ninja Forms Google Sheet Connector Plugin < 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Google Sheet Connector Type Plugin Vulnerable versions 1.2.8 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6596a374e7d4 Credits Rafie Muhammad...

WordPress Forms to Sheets Plugin <= 5.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Forms to Sheets Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b0dac35e5d40 Credits Rafie Muhammad Patchstack Required...

CVE-2023-2701

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVE-2023-2701

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

Cross site scripting

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

Cross site scripting

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

Cross site request forgery (csrf)

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...