WordPress Newsletter, SMTP, Email marketing and Subscribe forms Plugin < 3.1.25 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendinblue:newsletter%2csmtp%2cemailmarketingandsubscribe"; ...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms Plugin < 3.1.31 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sendinblue:newsletter%2csmtp%2cemailmarketingandsubscribe"; ...
WordPress plugin Flo Forms - Easy Drag & Drop Form Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-100302)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Software: Flo Forms; Type: Plugin; Vulnerable versions: <= 1.0.40; Fixed in: 1.0.41; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35095; Patch priority: Low; CVSS severity: Low (5.9); PSID: 80a812c3a1fb; Credits: yuyudhn; Required privilege...
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set...
CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-2563
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to...
Cross site request forgery (csrf)
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to...
CVE-2023-2563 WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to...
CVE-2023-2563
CVE-2023-2563 relates to the WordPress plugin WordPress Contact Forms by Cimatti. It is a Cross-Site Request Forgery (CSRF) vulnerability in versions up to and including 1.5.7 caused by missing/incorrect nonce validation in the function _accua_forms_form_edit_action. This flaw allows unauthentica...
WordPress Contact Forms by Cimatti Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.5.7; Fixed in: 1.5.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2563; Patch priority: Low; CVSS severity: Low (4.3); Developer: Cimatti Consulting; PSID: 97f12f8b32ae; Credits: Marco...
WordPress plugin Contact Forms by Cimatti cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. Cross-site request forgery vulnerability...
WordPress Contact Forms by Cimatti Plugin <= 1.5.7 is vulnerable to Broken Access Control
Software: Contact Forms by Cimatti; Type: Plugin; Vulnerable versions: <= 1.5.7; Fixed in: 1.5.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-35051; Patch priority: Low; CVSS severity: Low (5.4); Developer: Cimatti Consulting; PSID: df5ca4f315dc; Credits: Abdi Pranata...
WordPress Contact Forms by Cimatti < 1.5.8 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...