CVE-2023-28781

Unauth. Stored Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2023-28789

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2023-28781

Unauth. Stored Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

Cross site scripting

Unauth. Stored Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2023-28789

CVE-2023-28789 affects the WordPress plugin Contact Forms by Cimatti (

CVE-2023-28781 WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2023-28781

CVE-2023-28781 corresponds to an unauthenticated stored XSS in WordPress Contact Forms by Cimatti (Cimatti Consulting) plugin, affected versions

WordPress Formidable Forms Plugin <= 6.1.2 is vulnerable to PHP Object Injection

Software Formidable Forms Type Plugin Vulnerable versions = 6.1.2 Fixed in 6.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1405 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e0f1ba3999f1 Credits Nguyen Huu Do Required privilege...

WordPress plugin Contact Forms by Cimatti 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Contact Forms by Cimatti 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

AZL-26028 CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

CVE-2023-23981

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...

CVE-2023-23981

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...

CVE-2023-23981 WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...

CVE-2023-23981

CVE-2023-23981 affects the WordPress plugin Conversational Forms for ChatBot (versions

CVE-2023-23981 WordPress Conversational Forms for ChatBot Plugin <= 1.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud Conversational Forms for ChatBot plugin = 1.1.6 versions...

WordPress Optin Forms Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Optin Forms Type Plugin Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29434 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ed92b069f26e Credits Rio Darmawan Required...

Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The plugin unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void die"Arbitrary deserialization"; 1. Active this plugin a...