WordPress Ninja Forms Plugin < 3.3.21.2 SQLi Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

DRUPAL-CONTRIB-2019-064

Forms Steps provides an UI to create form workflows using form modes. It creates quick and configurable multisteps forms. The module doesn't sufficiently check user permissions to access its workflows entities that allows to see any entities that have been created through the different steps of i...

CVE-2019-15025

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

CVE-2019-15025

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

Sql injection

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

CVE-2019-15025

The connected documents identify CVE-2019-15025 as a SQL injection vulnerability in the WordPress Ninja Forms plugin. Affected software: Ninja Forms plugin for WordPress (before version 3.3.21.2). The vulnerability exists in the search filter on the submissions page, due to an injection flaw in t...

CVE-2019-15025

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

CVE-2019-15028

In Joomla! before 3.9.11, inadequate checks in comcontact could allow mail submission in disabled forms...

CVE-2019-15028

In Joomla! before 3.9.11, inadequate checks in comcontact could allow mail submission in disabled forms...

Design/Logic Flaw

In Joomla! before 3.9.11, inadequate checks in comcontact could allow mail submission in disabled forms...

Forms Steps - Critical - Access bypass - SA-CONTRIB-2019-064

Forms Steps provides an UI to create form workflows using form modes. It creates quick and configurable multisteps forms. The module doesn't sufficiently check user permissions to access its workflows entities that allows to see any entities that have been created through the different steps of i...

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

Cross site scripting

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

CVE-2017-18495

The connected records confirm CVE-2017-18495 affects the Gravity Forms SMS Notifications plugin for WordPress, with a cross-site scripting (XSS) vulnerability in versions prior to 2.4.0. The issue arises from insufficient validation of client-side data, enabling an attacker to execute client-side...

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

Malicious Package

jquery-airload is a malicious package. The package contains a malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...

Malicious Package

slush-fullstack-framework is vulnerable to malicious package. The package contains a malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...

Malicious Package

device-mqtt is a malicious package. The package contains a malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...

Malicious Package

sailclothjs is malicious package. The package contains a malicious code which will steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...