CVE-2018-20980

CVE-2018-20980 affects the Ninja Forms plugin for WordPress prior to version 3.2.15, with a parameter tampering vulnerability. The NVD metrics indicate a CVSS-3 base score of 7.5 (HIGH), driven by network attack vector, low complexity, no privileges required, but impact on integrity is HIGH while...

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

Cross site scripting

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

CVE-2014-10380

CVE-2014-10380 affects the WordPress Profile Builder plugin prior to 1.1.66, with multiple XSS flaws in forms. The connected Red Hat/CVE pages and other sources reiterate the same description. No explicit exploitation details, impact scope, or remediation/version-specific fixes are provided in th...

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

CVE-2016-10903

The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF...

CVE-2016-10903

CVE-2016-10903 is a CSRF vulnerability in the GoDaddy WordPress plugin GoDaddy Email Marketing Sign-Up Forms, affected in versions before 1.1.3. Multiple sources (NVD, Red Hat, CNVD, PRION, CVE lists, and WPVulndb) consistently identify the issue as cross-site request forgery within this plugin. ...

OpenEMR Command Injection Vulnerability (CNVD-2019-28410)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A command injection vulnerability exists in OpenEMR 5.0.1 and earlier versions, which can be exploited by an authenticated attacker to execute arbitrary commands on the host system via the "Scanne...

CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

Command injection

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

CVE-2019-3968

CVE-2019-3968 affects OpenEMR 5.0.1 and earlier. An authenticated attacker can execute arbitrary commands on the host via the Scanned Forms interface when creating a new form. The Red Hat/other advisories corroborate command injection in OpenEMR New.php; no remediation details are provided in the...

CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

Adobe Acrobat Reader DC XFA aliasNode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Adobe Acrobat Reader DC XFA Form Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVE-2017-18547

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms...

Cross site request forgery (csrf)

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms...

CVE-2017-18547

The CVE concerns the WordPress Nelio Ab Testing plugin prior to version 4.6.4, where a CSRF flaw exists in the experiment forms. Multiple connected sources (Red Hat CVE entry, CNVD/CVE listings, CVE records, and WP vulnerability databases) corroborate that the vulnerability is a CSRF issue in the...

CVE-2017-18547

The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms...

WordPress Ninja Forms Plugin < 3.3.21.2 SQLi Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...