8173 matches found
CVE-2020-36712 Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to dele...
WordPress Plugin Kali Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Plugin Kali Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-11862 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1. Description: The issue arises from the update option lacking proper authentication checks, allowing any authenticated attacker to change or delete the plugin's settings. Thi...
WordPress Plugin Flo Forms – Easy Drag & Drop Form Builder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-12478
Name of the Vulnerable Software and Affected Versions: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.0.35. Description: The issue is related to Stored Cross-Site Scripting via Options Change, which occurs when using the flo import forms options...
PT-2023-11377 · WordPress · Email Templates
Name of the Vulnerable Software and Affected Versions: Email Templates plugin for WordPress versions up to and including 1.3. Description: The issue allows attackers to perform HTML Injection, enabling them to present phishing forms or conduct cross-site request forgery attacks against site...
PT-2023-11854 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1. Description: The issue arises from the kaliforms_form_delete_uploaded_file function lacking privilege or user protections, allowing unauthenticated attackers to delete any...
WordPress Plugin Kali Forms Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-11859 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1. Description: The issue is due to incorrect nonce handling throughout the plugin's function, making it possible for unauthenticated attackers to access the plugin's...
The vulnerability of the maybe_unserialize() function in the Gravity Forms plugin for WordPress content management system allows a hacker to gain access to read, modify, or delete files, or execute arbitrary code.
The vulnerability of the maybe_unserialize() function in the Gravity Forms plugin of the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files, or execute...
Malicious code in fc-forms (npm)
Source: ghsa-malware 7831dd4a2a99e2a4b2b5bc63541b0fada419350844c0faaf50991c0f5bac2713. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2015-10117
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
CVE-2015-10117 Gravity Forms DPS PxPay Plugin cross site scripting
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
CVE-2015-10117
The CVE-2015-10117 entry concerns Gravity Forms DPS PxPay Plugin for WordPress, affected in versions up to 1.4.2. The vulnerability is a cross-site scripting flaw due to an unknown function, enabling remote execution of an attack. Remediation is upgrading to version 1.4.3, with patch identifier 5...
WordPress Plugin Gravity Forms DPS PxPay Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-10295 · WordPress · Gravity Forms DPS PxPay Plugin
Name of the Vulnerable Software and Affected Versions: Gravity Forms DPS PxPay Plugin versions up to 1.4.2. Description: A problematic issue was found in the Gravity Forms DPS PxPay Plugin, affecting an unknown function. This issue leads to cross-site scripting and can be launched remotely...
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...
WordPress Gravity Forms Google Sheet Connector Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Gravity Forms Google Sheet Connector; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2326; Patch priority: Low; CVSS severity: Low (5.4); PSID: 85099be455b9; Credits...