8173 matches found
Cross site scripting
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1835 Ninja Forms < 3.6.22 - Reflected XSS
The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1835
The CVE-2023-1835 entry concerns the Ninja Forms Contact Form WordPress plugin prior to 3.6.22. The connected documents provide concrete details: the vulnerability is a Reflected Cross-Site Scripting caused by insufficient input sanitization and output escaping, exposed via the page parameter and...
Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"
Overview WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-28409 Directory traversal CWE-22 -...
WordPress plugin Snow Monkey Forms path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin Ninja Forms Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal
The plugin does not validate file path, allowing unauthenticated users to upload files to arbitrary folders...
JVN#01093915: Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"
WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L| Base Score: 7.2 CVSS v2|...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page...
CVE-2022-47441
CVE-2022-47441 affects the WordPress plugin Charitable Donations & Fundraising Team Donation Forms by Charitable, versions
WordPress plugin Donation Forms by Charitable cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Snow Monkey Forms Plugin <= 5.0.6 is vulnerable to Directory Traversal
Software: Snow Monkey Forms; Type: Plugin; Vulnerable versions: <= 5.0.6; Fixed in: 5.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Directory Traversal; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 5.3; Developer: Claim ownership; PSID: dc1f9c2285d8; Credits: Unknown; Required privilege...
CVE-2023-2114
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...
Input validation
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...
CVE-2023-2114
CVE-2023-2114 concerns the NEX-Forms WordPress plugin (pre-8.4) where the table parameter (populated with user input) is not properly escaped before being concatenated into an SQL query. Root cause: lack of input sanitization for the table parameter in the form-save workflow, enabling SQL Injecti...
CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...
PT-2023-17932 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4 Description: The issue arises from improper escaping of the table parameter, which is populated with user input, before it is concatenated to an SQL query. Recommendations: For versions prior t...