Lucene search

8172 matches found

OSV
added 2021/10/22 8:15 p.m. | 2 views

CVE-2020-23051

Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields...

CVSS 6.1 | AI score 5.7 | EPSS 0.00716
Exploits: 1 | References: 1

NVD
added 2021/10/22 2:15 p.m. | 11 views

CVE-2021-42534

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms...

CVSS 6.3 | EPSS 0.0057
Exploits: 0 | References: 1

Prion
added 2021/10/22 2:15 p.m. | 11 views

Code injection

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms...

CVSS 4.3 | AI score 6.2 | EPSS 0.0057
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2021/10/21 12:00 a.m. | 15 views

WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms Pro premium plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms Pro premium plugin to the latest available version (at least 1.6.9)...

CVSS 8.8 | AI score 3.7 | EPSS 0.01798
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2021/10/21 12:00 a.m. | 20 views

WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability

Arbitrary User Email Address Update via IDOR vulnerability discovered by Suppawit Punhakit in WordPress Advanced Forms plugin versions <= 1.6.8. Solution: Update the WordPress Advanced Forms plugin to the latest available version (at least 1.6.9)...

CVSS 8.8 | AI score 3.8 | EPSS 0.01798
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2021/10/18 2:15 p.m. | 1 views

CVE-2021-24516

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...

CVSS 4.8 | AI score 5.8 | EPSS 0.00618
Exploits: 2 | References: 1

NVD
added 2021/10/18 2:15 p.m. | 12 views

CVE-2021-24516

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...

CVSS 4.8 | EPSS 0.00618
Exploits: 2 | References: 1

Cvelist
added 2021/10/18 1:45 p.m. | 17 views

CVE-2021-24516 PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...

AI score 4.9 | EPSS 0.00618
Exploits: 2 | References: 1

CVE
added 2021/10/18 1:45 p.m. | 43 views

CVE-2021-24516

CVE-2021-24516 affects PlanSo Forms for WordPress (

CVSS 4.8 | AI score 4.8 | EPSS 0.00618
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2021/10/18 12:00 a.m. | 2 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 4.8 | AI score 4.9 | EPSS 0.00618
Exploits: 2 | References: 2

OPENSUSE Linux
added 2021/10/18 12:00 a.m. | 58 views

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1367-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...

CVSS 9.8 | AI score 6.7 | EPSS 0.01907
Exploits: 7 | References: 6

Patchstack
added 2021/10/13 12:00 a.m. | 26 views

WordPress Formidable Forms plugin <= 5.0.06 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Thinkland Security Team in WordPress Formidable Forms plugin versions <= 5.0.06. Solution: Update the WordPress Formidable Forms plugin to the latest available version (at least 5.0.07)...

AI score 1.8
Exploits: 1 | References: 3 | Affected Software: 1

OpenVAS
added 2021/10/12 12:00 a.m. | 14 views

WordPress Ninja Forms Plugin < 3.5.8 Multiple Vulnerabilities


CVSS 6.5 | AI score 6.9 | EPSS 0.01122
Exploits: 4 | References: 2

VulnCheck KEV
added 2021/10/11 12:00 a.m. | 1 views

VulnCheck KEV: CVE-2021-24647

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...

CVSS 8.1 | AI score 7.1 | EPSS 0.0968
Exploits: 3 | References: 1

OPENSUSE Linux
added 2021/10/11 12:00 a.m. | 67 views

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:3331-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...

CVSS 7.5 | AI score 6.7 | EPSS 0.01907
Exploits: 7 | References: 6

Patchstack
added 2021/10/07 12:00 a.m. | 17 views

WordPress Wow Forms plugin <= 3.1.3 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress Wow Forms plugin versions <= 3.1.3. Solution: Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...

CVSS 7.2 | AI score 3 | EPSS 0.01497
Exploits: 2 | References: 3 | Affected Software: 1

wpexploit
added 2021/10/07 12:00 a.m. | 176 views

Wow Forms <= 3.1.3 - Admin+ SQL Injection

The plugin does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection. https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.php#L13 As admin,...

CVSS 7.2 | AI score 1.1 | EPSS 0.01497
Exploits: 2 | References: 1

WPVulnDB
added 2021/10/07 12:00 a.m. | 11 views

Wow Forms <= 3.1.3 - Admin+ SQL Injection

The plugin does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection. PoC: https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.php#L13 As admin,...

CVSS 7.2 | AI score 6.9 | EPSS 0.01497
Exploits: 2 | References: 1 | Affected Software: 1

Joomla! Vulnerable Extensions List
added 2021/09/28 12:00 a.m. | 26 views

Balbooa Forms, 2.0.6 (not tested on others), SQL Injection

Balbooa Forms, 2.0.6, SQL Injection...

AI score 3.3
Exploits: 0 | Affected Software: 1

Patchstack
added 2021/09/27 12:00 a.m. | 12 views

WordPress Ninja Forms Contact Form plugin <= 3.5.8.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability discovered by Rodel Plasabas in WordPress Ninja Forms Contact Form plugin versions <= 3.5.8.1. Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version (at least 3.5.8.2)...

AI score 2.2 | EPSS 0.00598
Exploits: 2 | References: 3 | Affected Software: 1