8173 matches found
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliformsformdeleteuploadedfile function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliformsformdeleteuploadedfile function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...
CVE-2019-25150
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators...
CVE-2019-25150
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators...
Authentication flaw
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
Cross site request forgery (csrf)
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators...
Cross site scripting
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...
Cross site request forgery (csrf)
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
Design/Logic Flaw
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliformsformdeleteuploadedfile function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...
CVE-2019-25150 Email Templates <= 1.3 - HTML Injection
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators...
CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) due to incorrect nonce handling in its functions, affecting versions up to and including 2.1.1. This allows unauthenticated attackers to access the plugin’s administrative functions via forged requests if they ...
CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...
CVE-2021-4367
CVE-2021-4367 : The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flo_import_forms_options AJAX action in versions up to and including 1.0.35. Root cause: insufficient input sanitization and output escaping, coupled with missin...
CVE-2020-36720 Kali Forms <= 2.1.1 - Missing Authorization to Settings Update
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
CVE-2020-36720
The CVE concerns the Kali Forms plugin for WordPress, affected up to version 2.1.1. Root cause: the update_option function lacks proper authentication checks, allowing any authenticated attacker to change or delete plugin settings. Impact is authenticated options changes, which can affect configu...
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliformsformdeleteuploadedfile function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...
CVE-2020-36712
Summary (concrete details from connected docs): CVE-2020-36712 affects the Kali Forms plugin for WordPress (versions up to 2.1.1). The root cause is the kaliforms_form_delete_uploaded_file function, which lacks any privilege or user protections, enabling unauthenticated attackers to delete any si...