WordPress Formidable Forms Builder Plugin < 4.02.01 RCE Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113509";...

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s entity Tra: The lack of a CSRF token in web forms allows actions to be performed on behalf of users, including administrators.

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s Tra: Pharmaceutical Supply relates to the absence of a CSRF token in web forms. Exploiting this vulnerability allows a malicious actor to execute cross-site requests on behalf of...

Spam and phishing in Q2 2019

Quarterly highlights Spam through Google services In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen...

WordPress ninja-forms plugin input validation error vulnerability (CNVD-2019-30585)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used in it. An input validation error vulnerability exists in the WordPress...

WordPress ninja-forms plugin input validation error vulnerability (CNVD-2019-30586)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used in it. WordPress ninja-forms plugin input validation error vulnerability. The...

WordPress ninja-forms plugin input validation error vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used in it. The WordPress ninja-forms plugin suffers from an input validation error...

WordPress GoDaddy godaddy-email-marketing-sign-up-forms plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress GoDaddy godaddy-email-marketing-sign-up-for...

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

Hardcoded credentials

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

Code injection

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

Design/Logic Flaw

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

CVE-2017-18574

The CVE refers to the Ninja Forms WordPress plugin (before version 3.0.31) with insufficient HTML escaping in the builder, leading to an XSS vulnerability. Affected: Ninja Forms plugin for WordPress; root cause: inadequate escaping in the builder component. Impact: cross-site scripting potential;...

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

CVE-2018-20981

CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...