8173 matches found
CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
SQL injection
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
CVE-2022-3142 NEX-Forms < 7.9.7 - Authenticated SQLi
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
PT-2022-20737 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 7.9.7. Description: The issue arises from the plugin's failure to properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. This can be exploited by anyon...
CVE-2022-3142
Affected software: NEX-Forms WordPress plugin, versions before 7.9.7. Vulnerability: SQL injection due to improper sanitisation/escaping of user input used in SQL statements. Exploitation requires permissions to view the forms statistics chart (by default administrators), with potential to be con...
WordPress plugin NEX-Forms SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87163)
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...
WordPress Integration for Billingo & Gravity Forms plugin <= 1.0.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in the WordPress Integration for Billingo & Gravity Forms plugin (versions <= 1.0.3). Solution: Update the WordPress Integration for Billingo & Gravity Forms plugin to the latest available version (at least 1.0.4)...
WordPress Integration for Szamlazz.hu & Gravity Forms plugin <= 1.2.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in WordPress Integration for Szamlazz.hu & Gravity Forms plugin (versions <= 1.2.6). Solution: Update the WordPress Integration for Szamlazz.hu & Gravity Forms plugin to the latest available version (at least 1.2.7)...
CVE-2022-40191
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress...
CVE-2022-40191
Summary: CVE-2022-40191 affects the WordPress plugin “Ali Khallad’s Contact Form By Mega Forms” up to version 1.2.4. The issue is an authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability stemming from inadequate sanitization/escaping of input, enabling script injection by us...
CVE-2022-40191 WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress...
WordPress plugin Contact Form By Mega Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms
Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions <= 1.2.4. Description: The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...
WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Contact Form By Mega Forms plugin (versions <= 1.2.4). Solution: Update the WordPress Contact Form By Mega Forms – Drag and Drop Form Builder plugin to the latest available version at...
Contact Form By Mega Forms < 1.2.5 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...
WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Torro Forms plugin (versions <= 1.0.16). Solution: Deactivate and delete. No reply from the vendor...
Torro Forms <= 1.0.16 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...