8173 matches found
Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. When the debug settings is enabled ie...
CVE-2023-2735
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2735
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2735
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Cross site scripting
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2735 Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2735
Groundhogg for WordPress (Plugin) is affected by CVE-2023-2735: Stored XSS via the gh_form shortcode in versions
CVE-2023-2735 Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2706
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
Authentication flaw
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
CVE-2023-2706
CVE-2023-2706 concerns the OTP Login Woocommerce & Gravity Forms plugin for WordPress. The vulnerability is an authentication bypass where OTP codes generated for login via phone numbers are returned in an AJAX response, enabling unauthenticated attackers to obtain administrator login codes if th...
WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Easy Forms for Mailchimp Type Plugin Vulnerable versions = 6.8.8 Fixed in 6.8.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23900 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID d4b18f8ce4ea Credits Rafie...
WordPress plugin OTP Login Woocommerce & Gravity Forms 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Updated python-django packages fix security vulnerability
Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...
WordPress OTP Login Woocommerce & Gravity Forms Plugin <= 2.2 is vulnerable to Privilege Escalation
Software OTP Login Woocommerce & Gravity Forms Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-2706 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID cdf1600db409 Credits István Márton...
Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Code Dx Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
WordPress Ninja Forms Contact Form Plugin < 3.6.22 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ninjaforms:contactform"; ifdescription...
CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...