
685 matches found

OSV
added 2023/12/20 3:15 p.m., 6 views

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3...

CVSS 9.8, AI score 7.3, EPSS 0.00616
Exploits: 0, References: 1

NVD
added 2023/12/20 3:15 p.m., 20 views

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3...

CVSS 9.8, EPSS 0.00616
Exploits: 0, References: 1

Prion
added 2023/12/20 3:15 p.m., 30 views

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3...

CVSS 7.5, AI score 7.2, EPSS 0.00616
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/12/20 2:46 p.m., 1182 views

CVE-2023-28782

Described vulnerability CVE-2023-28782 affects Gravity Forms WordPress plugin versions

CVSS 9.8, AI score 8.9, EPSS 0.00616
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2023/12/20 12:00 a.m., 4 views

WordPress Plugin Gravity Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVSS 9.8, AI score 6.8, EPSS 0.00616
Exploits: 0, References: 3

Cvelist
added 2023/11/27 4:22 p.m., 28 views

CVE-2023-2707 Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

AI score 5, EPSS 0.00418
Exploits: 1, References: 1

WPVulnDB
added 2023/10/31 12:00 a.m., 11 views

Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: The "Translations" settings of the...

CVSS 4.8, AI score 4.7, EPSS 0.00418
Exploits: 1

wpexploit
added 2023/10/31 12:00 a.m., 143 views

Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. The "Translations" settings of the...

CVSS 4.8, AI score 4.8, EPSS 0.00418
Exploits: 1

Cvelist
added 2023/09/11 7:46 p.m., 22 views

CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

AI score 6.3, EPSS 0.00396
Exploits: 2, References: 1

Vulnrichment
added 2023/09/11 7:46 p.m., 18 views

CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

AI score 6.1, EPSS 0.00396
Exploits: 2, References: 1

CNNVD
added 2023/09/11 12:00 a.m., 6 views

WordPress plugin Appointment booking addon for Gravity Forms Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.1, AI score 6.1, EPSS 0.00396
Exploits: 2, References: 2

WPVulnDB
added 2023/08/21 12:00 a.m., 19 views

Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin. PoC: 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within...

CVSS 6.1, AI score 6.1, EPSS 0.00396
Exploits: 2, Affected Software: 1

wpexploit
added 2023/08/21 12:00 a.m., 161 views

Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin. 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within Gravity...

CVSS 6.1, AI score 6.2, EPSS 0.00396
Exploits: 2

Patchstack
added 2023/07/19 12:00 a.m., 7 views

WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)

Software: DeMomentSomTres Gravity Forms Improvements; Type: Plugin; Vulnerable versions: <= 20170425; Fixed in: 201805021810; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 477dcd7d6435; Credits...

AI score 6, EPSS 0.00284
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/07/19 12:00 a.m., 6 views

WordPress Search Field for Gravity Forms Plugin <= 0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Search Field for Gravity Forms; Type: Plugin; Vulnerable versions: <= 0.5; Fixed in: 0.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 043a13d5d567; Credits: Rafie Muhammad Patchstack...

AI score 6.1, EPSS 0.00284
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m., 9 views

WordPress Modern Designs for Gravity Forms Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Modern Designs for Gravity Forms; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 4662a347c105; Credits: Rafie Muhammad...

AI score 6.9, EPSS 0.00284
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m., 9 views

WordPress Block Styler For Gravity Forms Plugin < 6.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: Block Styler For Gravity Forms; Type: Plugin; Vulnerable versions: < 6.3.0; Fixed in: 6.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: cb51772428c4; Credits: Rafie Muhammad...

AI score 6.8, EPSS 0.00284
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m., 8 views

WordPress Gravity Forms Sticky List Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software: Gravity Forms Sticky List; Type: Plugin; Vulnerable versions: <= 1.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 70cee7cd7d21; Credits: Rafie Muhammad Patchstac...

AI score 6.4, EPSS 0.00284
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m., 5 views

WordPress Multi Page Auto Advance for Gravity Forms Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Multi Page Auto Advance for Gravity Forms; Type: Plugin; Vulnerable versions: <= 4.5.3; Fixed in: 4.5.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: f780e1038525; Credits: Rafie...

AI score 6.4, EPSS 0.00284
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m., 10 views

WordPress SV Gravity Forms Enhancer Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)

Software: SV Gravity Forms Enhancer; Type: Plugin; Vulnerable versions: <= 1.9.00; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 28ef228ef004; Credits: Rafie Muhammad Patchsta...

AI score 6.3, EPSS 0.00284
Exploits: 0, References: 3, Affected Software: 1