8173 matches found
WordPress plugin NEX-Forms SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
WordPress Formidable Forms Builder Plugin < 6.1 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:strategy11:formidableformbuilder"; ifdescription...
WordPress Formidable Forms Builder Plugin < 5.5.7 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:strategy11:formidableformbuilder"; ifdescription...
WordPress Ninja Forms Plugin < 3.6.22 is vulnerable to Cross Site Scripting (XSS)
Software Ninja Forms Type Plugin Vulnerable versions 3.6.22 Fixed in 3.6.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1835 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6f98d6f740b2 Credits Erwan LR WPScan Required...
The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system allows an intruder to disclose protected information.
The vulnerability of the Forms component in the Oracle Clinical Remote Data Capture system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
Magecart threat actor rolls out convincing modal forms
To ensnare new victims, criminals will often devise schemes that attempt to look as realistic as possible. Having said that, it is not every day that we see the fraudulent copy exceed the original piece. While following up on an ongoing Magecart credit card skimmer campaign, we were almost fooled...
WordPress NEX-Forms – Ultimate Form Builder Plugin < 8.4 is vulnerable to SQL Injection
Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions 8.4 Fixed in 8.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2114 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 633a726244b6 Credits Alexander Schmid Required privilege...
Cross site scripting
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1324 Easy Forms for MailChimp < 6.8.8 - Reflected XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1324
The CVE-2023-1324 entry concerns the Easy Forms for Mailchimp WordPress plugin (versions prior to 6.8.8). The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of certain parameters before echoing them in responses, which could be exploited against hig...
WordPress BSK Forms Blacklist Plugin <= 3.6.2 is vulnerable to SQL Injection
Software BSK Forms Blacklist Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-30872 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID a296fa344510 Credits TomS Required privilege Administrator Publish...
PT-2023-6578 · WordPress · Ninja Forms Contact Form
Name of the Vulnerable Software and Affected Versions: Ninja Forms Contact Form WordPress plugin versions prior to 3.6.22 Description: The issue is related to the lack of protection of the web page structure, allowing for reflected cross-site scripting attacks. This could enable a remote attacker...
Ninja Forms < 3.6.22 - Reflected XSS
The plugin does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...
WordPress plugin Easy Forms for Mailchimp cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-16896 · WordPress · Easy Forms For Mailchimp
Name of the Vulnerable Software and Affected Versions: Easy Forms for Mailchimp WordPress plugin versions prior to 6.8.8 Description: The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted in the...
PT-2023-12784 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The Drupal core form API evaluates form element access incorrectly under certain circumstances. This may lead to a user being able to alter data they should not have access to. No forms...
Ninja Forms < 3.6.22 - Reflected XSS
The plugin does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...
WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Forms Ada Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27613 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e7150cfdbfda Credits Pavak Tiwari Required privilege...
CVE-2022-44631
Auth. author+ Stored Cross-Site Scripting XSS vulnerability in 1app Technologies, Inc 1app Business Forms plugin = 1.0.0 versions...