8262 matches found
CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Code injection
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
Hardcoded credentials
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
Design/Logic Flaw
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2017-18574
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
CVE-2017-18574
The CVE refers to the Ninja Forms WordPress plugin (before version 3.0.31) with insufficient HTML escaping in the builder, leading to an XSS vulnerability. Affected: Ninja Forms plugin for WordPress; root cause: inadequate escaping in the builder component. Impact: cross-site scripting potential;...
CVE-2018-20981
CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2018-20980
CVE-2018-20980 affects the Ninja Forms plugin for WordPress prior to version 3.2.15, with a parameter tampering vulnerability. The NVD metrics indicate a CVSS-3 base score of 7.5 (HIGH), driven by network attack vector, low complexity, no privileges required, but impact on integrity is HIGH while...
CVE-2018-20980
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...
CVE-2014-10380
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...
Cross site scripting
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...
CVE-2014-10380
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...
CVE-2014-10380
CVE-2014-10380 affects the WordPress Profile Builder plugin prior to 1.1.66, with multiple XSS flaws in forms. The connected Red Hat/CVE pages and other sources reiterate the same description. No explicit exploitation details, impact scope, or remediation/version-specific fixes are provided in th...
CVE-2016-10903
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF...
CVE-2016-10903
CVE-2016-10903 is a CSRF vulnerability in the GoDaddy WordPress plugin GoDaddy Email Marketing Sign-Up Forms, affected in versions before 1.1.3. Multiple sources (NVD, Red Hat, CNVD, PRION, CVE lists, and WPVulndb) consistently identify the issue as cross-site request forgery within this plugin. ...
OpenEMR Command Injection Vulnerability (CNVD-2019-28410)
OpenEMR is a medical practice management software that also supports electronic medical records EMR. A command injection vulnerability exists in OpenEMR 5.0.1 and earlier versions, which can be exploited by an authenticated attacker to execute arbitrary commands on the host system via the "Scanne...
CVE-2019-3968
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...