8173 matches found
CVE-2023-27613
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions...
CVE-2023-27613 WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions...
CVE-2023-27613
CVE-2023-27613 affects WordPress plugin Forms Ada – Form Builder (MonitorClick Forms Ada) ≤ 1.0. It is an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization, allowing injected script to be reflected in responses. Impact is limited to clie...
CVE-2023-27613 WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
PT-2023-21251 · Unknown · Monitorclick Forms Ada – Form Builder
Name of the Vulnerable Software and Affected Versions: MonitorClick Forms Ada – Form Builder plugin versions <= 1.0. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
WordPress plugin Forms Ada cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
Software: Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.7.3; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-28782; Patch priority: High; CVSS severity: High 8.3; PSID: 97930c86f0b1; Credits: Rafie Muhammad Patchstack; Required privile...
CVE-2023-33328 WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions...
CVE-2023-33328 WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions...
CVE-2023-28413
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
CVE-2023-28413
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
Directory traversal
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
CVE-2023-28413
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
CVE-2023-28413
CVE-2023-28413 affects Snow Monkey Forms (WordPress plugin) up to v5.0.6. The issue is a directory traversal via the view REST endpoint that can let an unauthenticated remote attacker disclose sensitive data, modify the site, or trigger DoS. Some connected sources indicate the vulnerability was r...
PT-2023-21701 · Unknown · Snow Monkey Forms
Name of the Vulnerable Software and Affected Versions: Snow Monkey Forms versions v5.0.6 and earlier. Description: A directory traversal vulnerability allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
CVE-2023-28413
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition...
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: MailChimp Subscribe Forms; Type: Plugin; Vulnerable versions: <= 4.0.9.1; Fixed in: 4.0.9.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33328; Patch priority: Low; CVSS severity: Low 5.9; PSID: 713b44e2af64; Credits: Rio...
MailChimp Subscribe Forms < 4.0.9.2 - Admin+ Stored XSS
The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)...