8173 matches found
PT-2023-18880 · WordPress · Elementor Forms Google Sheet Connector +1
Name of the Vulnerable Software and Affected Versions: Elementor Forms Google Sheet Connector WordPress plugin versions prior to 1.0.7; gsheetconnector-for-elementor-forms-pro WordPress plugin versions prior to 1.0.7. Description: The issue is related to Reflected Cross-Site Scripting, which occurs...
PT-2023-18911 · WordPress · Ninja Forms Google Sheet Connector +1
Name of the Vulnerable Software and Affected Versions: Ninja Forms Google Sheet Connector WordPress plugin versions prior to 1.2.7; gsheetconnector-ninja-forms-pro WordPress plugin versions prior to 1.2.7. Description: The issue is related to a Reflected Cross-Site Scripting problem, where a...
XWiki Commons Cross-Site Scripting Vulnerability
XWiki Commons is a technology library shared by several other top-level XWiki projects of the French XWiki Foundation. A cross-site scripting vulnerability exists in XWiki Commons versions 9.6-rc-1 through 14.10.6 and 15.0-rc-1 through 15.2-rc-1, which stems from the inclusion of HTML cleaners in...
WordPress Formidable Forms Plugin < 6.3.1 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:strategy11:formidableformbuilder"; if(description)...
Exploit for CVE-2023-2877
CVE-2023-2877 Formidable Forms 6.3.1 - Subscriber+ Remote...
CVE-2023-32623
Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server...
Directory traversal
Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server...
CVE-2023-32623
CVE-2023-32623 concerns Snow Monkey Forms. The vulnerability is a directory traversal in Snow Monkey Forms v5.1.1 and earlier, allowing a remote unauthenticated attacker to delete arbitrary files on the server. Several connected sources confirm the affected product/version and impact, reinforcing...
PT-2023-23919 · Unknown · Snow Monkey Forms
Name of the Vulnerable Software and Affected Versions: Snow Monkey Forms versions v5.1.1 and earlier. Description: The issue allows a remote unauthenticated attacker to delete arbitrary files on the server due to a directory traversal vulnerability. Recommendations: For Snow Monkey Forms versions...
Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-026
This module enables you to use complex autocompletion in forms. The module doesn't sufficiently filter text in the data it exposes, allowing a malicious user to enter specially crafted tags to exploit a Cross Site Scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker...
CVE-2023-2877
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
CVE-2023-2326
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF...
Remote code execution
The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...
CVE-2023-2326
The CVE-2023-2326 issue affects Gravity Forms Google Sheet Connector (and gsheetconnector-gravityforms-pro) WordPress plugins, where updating the Access Code lacked a CSRF check. This governance-level flaw could allow a logged-in administrator to change the Access Code to an arbitrary value via C...
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF...