17 matches found
CVE-2019-25578
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...
EUVD-2022-42500
Malicious code in bioql PyPI...
EUVD-2024-36754
Malicious code in bioql PyPI...
CVE-2024-37555
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7. This issue affects Generate PDF using Contact Form 7: from n/a through <= 4.1.2...
CVE-2024-37555
The CVE-2024-37555 entry concerns the WordPress plugin Generate PDF using Contact Form 7, affected versions 4.0.6 and earlier. Affected component is the file upload handling, with the root cause described as an Unrestricted Upload of File with Dangerous Type, enabling arbitrary file upload. Impac...
WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability
CSRF to Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Generate PDF using Contact Form 7 versions <= 4.1.2...
WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by István Márton in WordPress Plugin Generate PDF using Contact Form 7 versions <= 4.1.2...
PT-2024-37538 · WordPress · Generate Pdf Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: Generate PDF using Contact Form 7 plugin for WordPress versions up to, and including, 4.0.6 Description: The issue is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the wp cf7...
PT-2024-27653 · Zealousweb · Zealousweb Generate Pdf Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: ZealousWeb Generate PDF using Contact Form 7 versions 4.0.6 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects ZealousWeb Generate PDF using Contact Form 7. Recommendations: For...
WordPress plugin Generate PDF using Contact Form Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue exists in WordPress plugin...
PT-2024-37537 · WordPress · Generate Pdf Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: Generate PDF using Contact Form 7 plugin for WordPress versions up to, and including, 4.0.6 Description: The issue is due to missing nonce validation and missing file type validation in the wp cf7 pdf dashboard html page function, making it...
WordPress plugin Generate PDF using Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
Stored XSS in print generate and preview PDF
Hi Team, in the pimcore dev URL https://11.x-dev.pimcore.fun/admin/ I found one stored XSS in generate and preview PDF. The author field and title field are vulnerable to XSS. Steps to reproduce: 1. Log in to dev URL https://11.x-dev.pimcore.fun/admin/ 2. Add a print container page in documents 3. Insert...
CVE-2022-3070
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3070 Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3070
The CVE-2022-3070 entry corresponds to a vulnerability in the WordPress plugin Generate PDF using Contact Form 7 (CF7) before version 3.6. The underlying issue is that the plugin does not sanitize and escape its settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., a...
WordPress plugin Generate PDF Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Generate PDF 3.6...