8171 matches found
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
Cross site request forgery (csrf)
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
Code injection
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
Input validation
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36173
The CVE-2020-36173 entry concerns the WordPress Ninja Forms plugin before version 3.4.28. Connected sources confirm a vulnerability in the submissions-table fields due to missing escaping, allowing potential Cross‑Site Scripting (XSS). The core issue is improper escaping of HTML content in submis...
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields...
CVE-2020-36175
The CVE-2020-36175 entry concerns the WordPress Ninja Forms plugin prior to version 3.4.27.1. Connected documents confirm a vulnerability where the email field can bypass validation, enabling input that should be rejected by the form’s validation logic. The affected component is the Ninja Forms W...
CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36174
CVE-2020-36174 affects the WordPress Ninja Forms plugin prior to version 3.4.27.1. The vulnerability is CSRF through the plugin’s services integration, enabling an attacker to trigger actions on behalf of an authenticated user. Public sources in the connected set corroborate that this issue is ro...
CVE-2020-36170
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...
WordPress Ninja Forms plugin code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ninja Forms plugin is a form creation component used in it. A code issue exists in the WordPress Ninja Forms plugin before...
WordPress Ninja Forms plugin Cross-Site Request Forgery Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms plugin before 3.4.27.1 suffers from a cross-site request forgery vulnerability...
WordPress Ninja Forms plugin Access Control Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ninja Forms plugin is a form creation component used in it. WordPress Ninja Forms plugin before 3.4.27.1 suffers from an Acce...
[SECURITY] [DSA 4820-1] horizon security update
Debian Security Advisory DSA-4820-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2020 https://www.debian.org/security/faq -...
CVE-2020-24444
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
Server side request forgery (ssrf)
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...