CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2701
CVE-2023-2701 affects Gravity Forms for WordPress prior to 2.7.5. The issue is that the plugin does not escape generated URLs before outputting them in HTML attributes, causing a Reflected XSS that could target admin/high-privilege users. Remediation: upgrade to Gravity Forms 2.7.5 or later (or a...
CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS
The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a setting allowing them to give lower roles access to such featur...
CVE-2023-0439
CVE-2023-0439 affects the NEX-Forms WordPress plugin (versions prior to 8.4.4). The root cause is improper escaping of the form name, enabling a Stored XSS vulnerability. By default, only SuperAdmins/admins can create forms, but a setting can grant lower roles this ability, potentially broadening...
CVE-2023-2330
CVE-2023-2330 – Caldera Forms Google Sheets Connector (WordPress) What is affected: Caldera Forms Google Sheets Connector WordPress plugin, prior to version 1.3. Root cause: Missing CSRF protection when updating the Access Code, enabling a CSRF attack to change the access code when an admin is lo...
CVE-2023-2330 Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF
The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack...
SUSE-SU-2023:2849-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR New: - Required fields are now highlighted in PDF forms. - Improved performance on...
PT-2023-20893 · WordPress · Gravity Forms
Name of the Vulnerable Software and Affected Versions: Gravity Forms WordPress plugin versions prior to 2.7.5 Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly escape generated URLs before outputting them in attributes. This cou...
WordPress plugin Caldera Forms Google Sheets Connector Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Gravity Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
SUSE: Security Advisory (SUSE-SU-2023:2849-1)
The remote host is missing an update for the...
PT-2023-16270 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4.4 Description: The issue is related to Stored Cross-Site Scripting, which could be caused by the lack of proper escaping of the form name. This could potentially be exploited by users with acce...
PT-2023-18894 · WordPress · Caldera Forms Google Sheets Connector
Name of the Vulnerable Software and Affected Versions: Caldera Forms Google Sheets Connector WordPress plugin versions prior to 1.3 Description: The issue is related to the lack of a CSRF check when updating the Access Code in the Caldera Forms Google Sheets Connector WordPress plugin. This could...
CVE-2023-38068
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms...
Design/Logic Flaw
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms...