685 matches found

Patchstack
added 2023/07/18 12:00 a.m. · 10 views

WordPress Store Locator Plus® – Gravity Forms Locations Plugin <= 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Store Locator Plus® – Gravity Forms Locations; Type: Plugin; Vulnerable versions: <= 6.1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 896b7ec0dce4; Credits: Rafi...

AI score: 6.2 · EPSS: 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m. · 5 views

WordPress Smart phone field for Gravity Forms Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Smart phone field for Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: c510b0a80922; Credits: Rafie Muhammad...

AI score: 6.9 · EPSS: 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m. · 10 views

WordPress Automizy Gravity Forms Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Automizy Gravity Forms; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: b6399e0d3ef8; Credits: Rafie Muhammad Patchstack...

AI score: 6.2 · EPSS: 0.00284
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2023/07/18 12:00 a.m. · 6 views

WordPress WP Tools Gravity Forms Divi Module Plugin < 7.1.0 is vulnerable to Cross Site Scripting (XSS)

Software: WP Tools Gravity Forms Divi Module; Type: Plugin; Vulnerable versions: < 7.1.0; Fixed in: 7.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 864bb6f8df63; Credits: Rafie Muhammad...

AI score: 6.8 · EPSS: 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/07/17 2:15 p.m. · 5 views

CVE-2023-2701

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVSS: 6.1 · AI score: 7.3 · EPSS: 0.00482
Exploits: 2 · References: 1

NVD
added 2023/07/17 2:15 p.m. · 29 views

CVE-2023-2701

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVSS: 6.1 · EPSS: 0.00482
Exploits: 2 · References: 1

Prion
added 2023/07/17 2:15 p.m. · 37 views

Cross site scripting

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVSS: 5.8 · AI score: 6.1 · EPSS: 0.00482
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2023/07/17 1:30 p.m. · 113 views

CVE-2023-2701

CVE-2023-2701 affects Gravity Forms for WordPress prior to 2.7.5. The issue is that the plugin does not escape generated URLs before outputting them in HTML attributes, causing a Reflected XSS that could target admin/high-privilege users. Remediation: upgrade to Gravity Forms 2.7.5 or later (or a...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00482
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2023/07/17 1:30 p.m. · 30 views

CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

AI score: 6.3 · EPSS: 0.00482
Exploits: 2 · References: 1

Vulnrichment
added 2023/07/17 1:30 p.m. · 11 views

CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

AI score: 6.2 · EPSS: 0.00482
Exploits: 2 · References: 1

CNNVD
added 2023/07/17 12:00 a.m. · 5 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.00482
Exploits: 2 · References: 2

Positive Technologies
added 2023/07/17 12:00 a.m. · 6 views

PT-2023-20893 · WordPress · Gravity Forms

Name of the Vulnerable Software and Affected Versions: Gravity Forms WordPress plugin versions prior to 2.7.5 Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly escape generated URLs before outputting them in attributes. This cou...

CVSS: 6.1 · AI score: 6.6 · EPSS: 0.00482
Exploits: 2 · References: 4

OSV
added 2023/06/27 2:15 p.m. · 11 views

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

CVSS: 6.5 · AI score: 7.5 · EPSS: 0.00307
Exploits: 1 · References: 1

CVE
added 2023/06/27 1:17 p.m. · 39 views

CVE-2023-2326

The CVE-2023-2326 issue affects Gravity Forms Google Sheet Connector (and gsheetconnector-gravityforms-pro) WordPress plugins, where updating the Access Code lacked a CSRF check. This governance-level flaw could allow a logged-in administrator to change the Access Code to an arbitrary value via C...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00307
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/06/27 1:17 p.m. · 14 views

CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

AI score: 7 · EPSS: 0.00307
Exploits: 1 · References: 1

Cvelist
added 2023/06/27 1:17 p.m. · 53 views

CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

AI score: 6.7 · EPSS: 0.00307
Exploits: 1 · References: 1

Positive Technologies
added 2023/06/27 12:00 a.m. · 9 views

PT-2023-18882 · WordPress · Gsheetconnector-Gravityforms-Pro +1

Name of the Vulnerable Software and Affected Versions: Gravity Forms Google Sheet Connector WordPress plugin versions prior to 1.3.5 gsheetconnector-gravityforms-pro WordPress plugin versions prior to 1.3.5 Description: The issue concerns a lack of CSRF check when updating the Access Code,...

CVSS: 6.5 · AI score: 7.2 · EPSS: 0.00307
Exploits: 1 · References: 3

CNNVD
added 2023/06/27 12:00 a.m. · 29 views

WordPress plugin Gravity Forms Google Sheet Connector cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS: 6.5 · AI score: 7 · EPSS: 0.00307
Exploits: 1 · References: 2

Patchstack
added 2023/06/26 12:00 a.m. · 14 views

WordPress Gravity Forms Plugin < 2.7.5 is vulnerable to Cross Site Scripting (XSS)

Software: Gravity Forms; Type: Plugin; Vulnerable versions: < 2.7.5; Fixed in: 2.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2701; Patch priority: High; CVSS severity: High (7.1); PSID: 17cbc85493b8; Credits: Fioravante Souza WPScan...

CVSS: 6.1 · AI score: 5.6 · EPSS: 0.00482
Exploits: 2 · References: 3 · Affected Software: 1

WPVulnDB
added 2023/06/21 12:00 a.m. · 57 views

Gravity Forms < 2.7.5 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. PoC Make a logged in admin open the following URL:...

CVSS: 6.1 · AI score: 8.4 · EPSS: 0.00482
Exploits: 2 · Affected Software: 1