8173 matches found
CVE-2021-24923
The CVE-2021-24923 issue affects the Sendinblue Newsletter, SMTP, Email marketing and Subscribe forms WordPress plugin, pre-3.1.25. The root cause is improper escaping of the sib-statistics-date parameter when it is output in an HTML attribute, leading to a Reflected Cross-Site Scripting (XSS) vu...
20K WordPress Sites Exposed by Insecure Plugin REST-API
More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails. The new vulnerability...
WordPress GiveWP plugin <= 2.17.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) via Donation Forms Dashboard vulnerability discovered by JrXnm in WordPress GiveWP plugin versions <= 2.17.2. Solution: Update the WordPress GiveWP plugin to the latest available version (at least 2.17.3)...
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting PoC...
Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
The plugin does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2021-44177
AEM's Cloud Service offering, as well as version 6.5.10.0 and below, are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
CVE-2021-40722
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...
XXE
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...
CVE-2021-40722 AEM Forms Improper Restriction of XML External Entity Reference
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below, are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE...
CVE-2021-40722
Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...
WordPress everest-forms plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...
WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin <= 3.1.24 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin versions <= 3.1.24. Solution: Update the WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin to the latest available...
CVE-2021-24907 Everest Forms < 1.8.0 - Reflected Cross-Site Scripting
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...
WordPress Easy Forms for Mailchimp plugin <= 6.8.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Easy Forms for Mailchimp plugin versions <= 6.8.5. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version (at least 6.8.6)...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...
WordPress Caldera Forms Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101996)
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Caldera Forms Plugin is a WordPress open source application plugin. WordPress Caldera Forms Plugins prior to 1.9.5...
WordPress NEX-Forms plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports the hosting of personal blog sites on PHP and MySQL servers. NEX-Forms plugin is a WordPress open source application plugin. WordPress NEX-Forms plugin has a cross-site scripting...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2022-05443)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...