CVE-2022-3154
CVE-2022-3154 affects multiple WordPress plugins related to Billingo integration: Woo Billingo Plus (pre-4.4.5.4), Integration for Billingo & Gravity Forms (pre-1.0.4), and Integration for Szamlazz.hu & Gravity Forms (pre-1.2.7). The root cause is lack of CSRF checks in various AJAX actions, enab...
WordPress CRM Perks Forms plugin <= 1.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress CRM Perks Forms plugin versions <= 1.1.0. Solution: Update the WordPress CRM Perks Forms plugin to the latest available version (at least 1.1.1)...
Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Create/edit a form and put the following...
WordPress Ninja Forms Plugin < 3.6.13 Insecure Deserialization Vulnerability
The WordPress plugin Ninja Forms is prone to an insecure deserialization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2022-2903
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog...
Design/Logic Flaw
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Object Injection
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-2903
The CVE-2022-2903 entry corresponds to the WordPress Ninja Forms Contact Form plugin (versions before 3.6.13). The vulnerability is described as insecure deserialization: importing a malicious file can lead to PHP object injection if a suitable gadget chain exists on the site. Impact is documente...
WordPress plugin Ninja Forms Contact Form Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
Security Bulletin: IBM Forms Viewer stack buffer overflow identified (CVE-2013-5447)
Abstract: A stack buffer overflow issue has been identified in the Forms Viewer that could allow remote code execution to occur. Content: A stack buffer overflow issue has been identified in the Forms Viewer that could allow remote code execution to occur. VULNERABILITY DETAILS: CVEID: CVE-2013-544...
CVE-2022-36791
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress...
Cross site scripting
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress...
CVE-2022-36791 WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress...
CVE-2022-36791
The CVE-2022-36791 entry covers a Stored Cross-Site Scripting (XSS) in the WordPress plugin Awesome UG Torro Forms
PT-2022-23628 · WordPress · Awesome Ug Torro Forms
Name of the Vulnerable Software and Affected Versions: Awesome UG Torro Forms plugin versions 1.0.16 and earlier. Description: The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts...
WordPress plugin Awesome UG Torro Forms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-66020)
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager is...