CVE-2023-38068

In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms...

CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2023.1.16597 that...

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments an...

WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack

Software Ninja Forms Type Plugin Vulnerable versions = 3.6.25 Fixed in 3.6.26 OWASP Top 10 A6: Security Misconfiguration Classification Denial of Service Attack CVE CVE-2023-35909 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b6d3ff9521bb Credits PetiteMais Required...

The vulnerability of Django’s software platform’s `forms.FileField` and `forms.ImageField` components allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the forms.FileField and forms.ImageField components in the Django web application framework is related to insufficient validation of entered data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

CVE-2023-2324

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

CVE-2023-2333

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

CVE-2023-2324

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

CVE-2023-2333

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

Cross site scripting

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

Cross site scripting

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

CVE-2023-2324 Elementor Forms Google Sheet Connector < 1.0.7 - Reflected XSS

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

CVE-2023-2324

The CVE-2023-2324 entry concerns the Elementor Forms Google Sheet Connector (and gsheetconnector-for-elementor-forms-pro) WordPress plugins. Affected versions prior to 1.0.7 fail to escape certain parameters before echoing them in attributes, enabling Reflected Cross-Site Scripting. This could be...

CVE-2023-2324 Elementor Forms Google Sheet Connector < 1.0.7 - Reflected XSS

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

CVE-2023-2333 Ninja Forms Google Sheet Connector < 1.2.7 - Reflected XSS

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

CVE-2023-2333

The Ninja Forms Google Sheet Connector (and gsheetconnector-ninja-forms-pro) in WordPress is affected by CVE-2023-2333. The flaw arises because the plugin does not escape a parameter before echoing it into an HTML attribute, enabling a Reflected Cross‑Site Scripting vulnerability. Affected versio...

CVE-2023-2333 Ninja Forms Google Sheet Connector < 1.2.7 - Reflected XSS

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

WordPress plugin Ninja Forms Google Sheet Connector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...