685 matches found
CVE-2023-28782
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...
CVE-2023-28782
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...
CVE-2023-28782
Described vulnerability CVE-2023-28782 affects Gravity Forms WordPress plugin versions
WordPress Plugin Gravity Forms Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2023-2707 Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS
The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC The "Translations" settings of the...
Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup The "Translations" settings of the...
CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...
CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...
WordPress plugin Appointment booking addon for Gravity Forms Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin PoC 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within...
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin 1. Create a "Service" and a "Provider" under the "gAppointments" sidebar menu. 2. Create a new form within Gravity...
WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Gravity Forms Improvements Type Plugin Vulnerable versions = 20170425 Fixed in 201805021810 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 477dcd7d6435 Credits...
WordPress Search Field for Gravity Forms Plugin <= 0.5 is vulnerable to Cross Site Scripting (XSS)
Software Search Field for Gravity Forms Type Plugin Vulnerable versions = 0.5 Fixed in 0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 043a13d5d567 Credits Rafie Muhammad Patchstack...
WordPress Modern Designs for Gravity Forms Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Modern Designs for Gravity Forms Type Plugin Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4662a347c105 Credits Rafie Muhammad...
WordPress Block Styler For Gravity Forms Plugin < 6.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Block Styler For Gravity Forms Type Plugin Vulnerable versions 6.3.0 Fixed in 6.3.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cb51772428c4 Credits Rafie Muhammad...
WordPress Gravity Forms Sticky List Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)
Software Gravity Forms Sticky List Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 70cee7cd7d21 Credits Rafie Muhammad Patchstac...
WordPress Multi Page Auto Advance for Gravity Forms Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Multi Page Auto Advance for Gravity Forms Type Plugin Vulnerable versions = 4.5.3 Fixed in 4.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f780e1038525 Credits Rafie...
WordPress SV Gravity Forms Enhancer Plugin <= 1.9.00 is vulnerable to Cross Site Scripting (XSS)
Software SV Gravity Forms Enhancer Type Plugin Vulnerable versions = 1.9.00 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 28ef228ef004 Credits Rafie Muhammad Patchsta...