685 matches found
WordPress Store Locator Plus® – Gravity Forms Locations Plugin <= 6.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Store Locator Plus® – Gravity Forms Locations Type Plugin Vulnerable versions = 6.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 896b7ec0dce4 Credits Rafi...
WordPress Smart phone field for Gravity Forms Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software Smart phone field for Gravity Forms Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c510b0a80922 Credits Rafie Muhammad...
WordPress Automizy Gravity Forms Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Automizy Gravity Forms Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b6399e0d3ef8 Credits Rafie Muhammad Patchstack...
WordPress WP Tools Gravity Forms Divi Module Plugin < 7.1.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Tools Gravity Forms Divi Module Type Plugin Vulnerable versions 7.1.0 Fixed in 7.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 864bb6f8df63 Credits Rafie Muhammad...
CVE-2023-2701
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2701
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
Cross site scripting
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2701
CVE-2023-2701 affects Gravity Forms for WordPress prior to 2.7.5. The issue is that the plugin does not escape generated URLs before outputting them in HTML attributes, causing a Reflected XSS that could target admin/high-privilege users. Remediation: upgrade to Gravity Forms 2.7.5 or later (or a...
CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
WordPress plugin Gravity Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-20893 · WordPress · Gravity Forms
Name of the Vulnerable Software and Affected Versions: Gravity Forms WordPress plugin versions prior to 2.7.5 Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly escape generated URLs before outputting them in attributes. This cou...
CVE-2023-2326
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326
The CVE-2023-2326 issue affects Gravity Forms Google Sheet Connector (and gsheetconnector-gravityforms-pro) WordPress plugins, where updating the Access Code lacked a CSRF check. This governance-level flaw could allow a logged-in administrator to change the Access Code to an arbitrary value via C...
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
PT-2023-18882 · WordPress · Gsheetconnector-Gravityforms-Pro +1
Name of the Vulnerable Software and Affected Versions: Gravity Forms Google Sheet Connector WordPress plugin versions prior to 1.3.5 gsheetconnector-gravityforms-pro WordPress plugin versions prior to 1.3.5 Description: The issue concerns a lack of CSRF check when updating the Access Code,...
WordPress plugin Gravity Forms Google Sheet Connector 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Gravity Forms Plugin < 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Software Gravity Forms Type Plugin Vulnerable versions 2.7.5 Fixed in 2.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2701 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 17cbc85493b8 Credits Fioravante Souza WPScan...
Gravity Forms < 2.7.5 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. PoC Make a logged in admin open the following URL:...