WordPress Smart Forms plugin <= 2.5.15 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Toshiharu Sugiyama in WordPress Smart Forms plugin versions = 2.5.15. Solution Update the WordPress Smart Forms plugin to the latest available version at least 2.6.16...

CVE-2019-5924

Cross-site request forgery CSRF vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page...

CVE-2019-5924

Cross-site request forgery CSRF vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page...

CVE-2019-5924

Cross-site request forgery CSRF vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page...

CVE-2019-5924

The CVE-2019-5924 issue affects the WordPress Smart Forms plugin (versions 2.6.15 and earlier). The root cause is a Cross-Site Request Forgery (CSRF) vulnerability that can allow an attacker to hijack an administrator’s authenticated session via a malicious page, enabling unauthorized actions suc...

WordPress Caldera Forms plugin <= 1.8.1 - Unspecified security issue related to Caldera Forms Pro API

Unspecified security issue found and patched in WordPress Caldera Forms plugin versions = 1.8.1. Vulnerable only when connected to Caldera Forms Pro API and used with WordPress SEO by Yoast or Jetpack’s map module. Solution Update the WordPress Caldera Forms plugin to the latest available version...

PT-2019-17865 · Unknown · Smart Forms

Name of the Vulnerable Software and Affected Versions: Smart Forms versions 2.6.15 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators via a specially crafted page. Recommendations: For versions 2.6.15 and earlier,...

Caldera Forms Pro <= 1.8.1 - Unauthenticated Arbitrary File Read

According to the vendor: "This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you." According to the original researchers: "The Caldera Forms Pro vulnerability would allow attackers to...

WordPress Contact Form 7 Multi-Step Forms plugin <= 3.0.8 - Authenticated Option Update vulnerability (Fremius Library security issue)

Authenticated Option Update vulnerability Fremius Library security issue found in WordPress Contact Form 7 Multi-Step Forms plugin versions = 3.0.8. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 3.0.9...

XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection

Exploit Title : XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/03/2019 Vendor Homepage : xenforo.com snogssite.com Software Information Link :...

WordPress Smart Forms Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Smart Forms 2.6.15 and earlier versions. A remote attacker can...

March 1, 2019 — KB4486553 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019

March 1, 2019 — KB4486553 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019 Release Date: 02/26/2019Version: .NET Framework 3.5 and 4.7.2 Improvements and fixes This update includes quality improvements. No new operating system features are...

Smart Forms <= 2.5.15 - Cross-Site Request Forgery (CSRF)

The Smart Forms – when you need more than just a contact form WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

JVN#97656108: WordPress plugin "Smart Forms" vulnerable to cross-site request forgery

The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Impact Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...

Joomla ChronoForms 6.0.17 SQL Injection

Exploit Title : Joomla ChronoForms Components 6.0.17 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : chronoengine.com Software Download Link : chronoengine.com/chronoforms Software Information Link :...

WordPress Ninja Forms Plugin < 3.3.18 XSS Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

Bolt - CSRF Scanning Suite

Bolt is in beta phase of development which means there can be bugs. Any production use of this tool discouraged. Pull requests and issues are welcome. I also suggest you to put this repo on watch if you are interested in it. Workflow Crawling Bolt crawls the target website to the specified depth...

January 22, 2019 — KB4481031 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019

January 22, 2019 — KB4481031 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019 Release Date: 01/22/2019Version: .NET Framework 3.5 and 4.7.2 Improvements and fixes This update includes quality improvements. No new operating system features are...

CVE-2018-19724

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...