MGASA-2022-0104 Updated python-django/python-asgiref packages fix security vulnerability
The {% debug %} template tag didn't properly encode the current context, posing an XSS attack vector (CVE-2022-22818). Passing certain inputs to multipart forms could result in an infinite loop when parsing files, resulting in a denial of service (CVE-2022-23833). The python-django update necessitated a...
Click Jacking
sylius/sylius is vulnerable to clickjacking attacks. An attacker can bypass login forms and load the malicious website within an iframe due to the missing HTTP headers...
WordPress Smart Forms Plugin Information Disclosure Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...
Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting
The plugin is vulnerable to stored cross-site scripting due to missing sanitization of the filename parameter of uploaded files in the /includes/ajax/controllers/uploads.php file, which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites...
Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload
The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation in the /includes/ajax/controllers/uploads.php file, which can be bypassed, making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.0. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version, at least...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.12 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nuno Correia (Blaze Security) in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.12. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version, at least...
CVE-2022-0163
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download arbitrary forms' data, which could include sensitive information such as PII depending on the form...
Information disclosure
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download arbitrary forms' data, which could include sensitive information such as PII depending on the form...
CVE-2022-0163 Smart Forms < 2.6.71 - Subscriber+ Form Data Download
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download arbitrary forms' data, which could include sensitive information such as PII depending on the form...
CVE-2022-0163
CVE-2022-0163 concerns the WordPress plugin Smart Forms prior to 2.6.71, which exposes the rednao_smart_forms_entries_list AJAX endpoint without proper authorization. This allows any authenticated user (e.g., a subscriber) to download arbitrary form data, potentially exposing sensitive informatio...
WordPress Smart Forms Plugin Security Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Smart Forms Plugin versions prior to 2.6.71, which...
CVE-2021-38268
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site...
CVE-2021-24689
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack...
Path traversal
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack...