WordPress plugin SQL injection vulnerability (CNVD-2021-102399)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress Ninja Forms Contact Form plugin version 3.6.4...

Librenms 跨站脚本漏洞

Librenms is a PHP and MySQL based open source network monitoring system for the Librenms community. The system features custom alerts, auto-discovery of network environments, and automatic updates.Librenms suffers from a cross-site scripting vulnerability that originates in...

CVE-2021-24889

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

CVE-2021-24889

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

Sql injection

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

CVE-2021-24889

The CVE refers to WordPress Ninja Forms Contact Form plugin. Up to version 3.6.3 (3.6.4 fixes) the vulnerability stems from not escaping keys of POST parameters, enabling SQL injection by high-privilege users. Affected product: Ninja Forms Contact Form WordPress plugin. Root cause: missing escapi...

CVE-2021-24889 Ninja Forms < 3.6.4 - Admin+ SQL Injection

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

WordPress和WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress Ninja Forms Contact Form plugin version 3.6.4...

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

Design/Logic Flaw

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

CVE-2021-24892

The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Advanced Forms that allows an authenticated, remote...

WordPress Everest Forms plugin <= 1.7.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Everest Forms plugin versions = 1.7.9. Solution Update the WordPress Everest Forms plugin to the latest available version at least 1.8.0...

Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue The formid needs to be a valid one...

Everest Forms < 1.8.0 - Reflected Cross-Site Scripting

The plugin does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC The formid needs to be a valid one...

CVE-2021-39353

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...

Cross site request forgery (csrf)

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...

CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...