8173 matches found
WordPress plugin Ninja Forms Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...
CVE-2022-34804
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure...
PT-2022-22355 · Jenkins · Jenkins Opsgenie Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier. Description: The issue concerns the storage of API keys in an unencrypted manner within the global configuration file and job config.xml files on the Jenkins controller. These keys can be...
UBUNTU-CVE-2022-31056
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit SQL injection on the actor fields. This issue has been resolved in version 10.0.2 and...
PT-2022-20494 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.2. Description: The issue affects all assistance forms, including Ticket, Change, and Problem, allowing SQL injection on the actor fields. This has been resolved in version 10.0.2. Recommendations: For versions prio...
GLPI SQL injection vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges a...
CVE-2022-30118
Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...
WordPress Ninja Forms Plugin <= 3.6.9 XSS Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
New vulnerability allows attackers to takeover entire WordPress website
Threat Level Vulnerability Report. Summary: An unauthenticated attacker can call multiple methods in the Ninja Forms class in order to inject objects to eventually perform Remote Code Execution (RCE)...
Malicious code in mario-forms (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 71e37a7368374d32bbf68c928c8475b6c6948e0bb22d69a3e7ac581a0b5216ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in forms-embed-utils-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf97fb0f32cd32091dcbca4ce7c70f578f20c58517aac7986b936e4e76bf16f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3110 Malicious code in forms-embed-utils-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf97fb0f32cd32091dcbca4ce7c70f578f20c58517aac7986b936e4e76bf16f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
cjs-forms (>=0.0.1 <=1.0.0), output-customization (=1.0.0) potentially affected by unknown CVE via @ve-private/test-helpers (=0.0.1-security.9)
@ve-private/test-helpers NPM version =0.0.1-security.9 is affected by a known vulnerability. The following packages have a transitive dependency on @ve-private/test-helpers and may be impacted: - cjs-forms >=0.0.1, <=1.0.0 - output-customization =1.0.0 Source cves: unknown CVE Source advisory:...
WordPress plugin Ninja Forms Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Ninja Forms Contact Form 3.6.9 and earlier versions have a cross-site scripting...
Ninja Forms Plugin for WordPress < 3.6.11 Code Injection
The WordPress Ninja Forms Plugin installed on the remote host is affected by a code injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Give < 2.21.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=giveforms&page=give-tools&a"alert/XSS/...
Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability
WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity...
CVE-2021-36827
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label"...