685 matches found

wpexploit
added 2023/06/21 12:0 a.m., 472 views

Gravity Forms < 2.7.5 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. Make a logged in admin open the following URL:...

CVSS 6.1, AI score 8.7, EPSS 0.00482
Exploits: 2
BDU FSTEC
added 2023/06/07 12:0 a.m., 5 views

The vulnerability of the maybe_unserialize() function in the Gravity Forms plugin for WordPress content management system allows a hacker to gain access to read, modify, or delete files, or execute arbitrary code.

The vulnerability of the maybe_unserialize function in the Gravity Forms plugin of the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files, or execute...

CVSS 10, AI score 8.4, EPSS 0.00616
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2023/06/06 2:15 a.m., 21 views

CVE-2015-10117

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...

CVSS 6.1, AI score 4.5, EPSS 0.00607
Exploits: 0, References: 4
Prion
added 2023/06/06 2:15 a.m., 14 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...

CVSS 5.8, AI score 6.5, EPSS 0.00607
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2023/06/06 2:0 a.m., 33 views

CVE-2015-10117

The CVE-2015-10117 entry concerns Gravity Forms DPS PxPay Plugin for WordPress, affected in versions up to 1.4.2. The vulnerability is a cross-site scripting flaw due to an unknown function, enabling remote execution of an attack. Remediation is upgrading to version 1.4.3, with patch identifier 5...

CVSS 6.1, AI score 4.8, EPSS 0.00607
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2023/06/06 2:0 a.m., 24 views

CVE-2015-10117 Gravity Forms DPS PxPay Plugin cross site scripting

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...

CVSS 4, AI score 6.1, EPSS 0.00607
Exploits: 0, References: 4
Positive Technologies
added 2023/06/06 12:0 a.m., 7 views

PT-2023-10295 · WordPress · Gravity Forms Dps Pxpay Plugin

Name of the Vulnerable Software and Affected Versions: Gravity Forms DPS PxPay Plugin versions up to 1.4.2
Description: A problematic issue was found in the Gravity Forms DPS PxPay Plugin, affecting an unknown function. This issue leads to cross-site scripting and can be launched remotely...

CVSS 6.1, AI score 6.5, EPSS 0.00607
Exploits: 0, References: 6
CNNVD
added 2023/06/06 12:0 a.m., 4 views

WordPress Plugin Gravity Forms DPS PxPay Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1, AI score 4.7, EPSS 0.00607
Exploits: 0, References: 5
Patchstack
added 2023/06/05 12:0 a.m., 13 views

WordPress Gravity Forms Google Sheet Connector Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Gravity Forms Google Sheet Connector; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2326; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 85099be455b9; Credits...

CVSS 6.5, AI score 6.7, EPSS 0.00307
Exploits: 1, References: 3, Affected Software: 1
The Hacker News
added 2023/06/01 4:1 a.m., 3 views

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in Novembe...

CVSS 9.8, AI score 7.1, EPSS 0.00616
Exploits: 0
WPVulnDB
added 2023/05/29 12:0 a.m., 119 views

Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection

The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score 7, EPSS 0.00616
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/05/29 12:0 a.m., 18 views

WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection

Software: Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.7.3; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-28782; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: 97930c86f0b1; Credits: Rafie Muhammad Patchstack; Required privile...

CVSS 9.8, AI score 6.9, EPSS 0.00616
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2023/05/17 2:15 a.m., 6 views

CVE-2023-2706

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...

CVSS 8.1, AI score 7.3, EPSS 0.0172
Exploits: 0, References: 4
Prion
added 2023/05/17 2:15 a.m., 18 views

Authentication flaw

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...

CVSS 5.1, AI score 8, EPSS 0.0172
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2023/05/17 1:58 a.m., 61 views

CVE-2023-2706

CVE-2023-2706 concerns the OTP Login Woocommerce & Gravity Forms plugin for WordPress. The vulnerability is an authentication bypass where OTP codes generated for login via phone numbers are returned in an AJAX response, enabling unauthenticated attackers to obtain administrator login codes if th...

CVSS 8.1, AI score 8.4, EPSS 0.0172
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2023/05/17 12:0 a.m., 5 views

WordPress plugin OTP Login Woocommerce & Gravity Forms Authorization Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 8.1, AI score 8.3, EPSS 0.0172
Exploits: 0, References: 5
Patchstack
added 2023/05/16 12:0 a.m., 16 views

WordPress OTP Login Woocommerce & Gravity Forms Plugin <= 2.2 is vulnerable to Privilege Escalation

Software: OTP Login Woocommerce & Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: 2.3; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-2706; Patch priority: Low; CVSS severity: Low 8.1; Developer: Claim ownership; PSID: cdf1600db409; Credits: István Márton...

CVSS 8.1, AI score 6.6, EPSS 0.0172
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2023/03/27 12:0 a.m., 6 views

PT-2023-3011 · WordPress · Gravity Forms

Name of the Vulnerable Software and Affected Versions: Gravity Forms versions n/a through 2.7.3
Description: The issue is related to the deserialization of untrusted data in Gravity Forms, which can be exploited by a remote attacker to gain read, modify, or delete access to files or execute...

CVSS 10, AI score 9.6, EPSS 0.00616
Exploits: 0, References: 10
CNVD
added 2022/10/12 12:0 a.m., 19 views

WordPress Woo Billingo Plus and Integration for Billingo & Gravity Forms Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Woo Billingo Plus version 4.4.5.4 or earlier, Integration for Billingo & Gravity Forms...

CVSS 7.1, AI score 3, EPSS 0.00337
Exploits: 2, References: 1
ATTACKERKB
added 2022/10/10 9:15 p.m., 1 views

CVE-2022-3154

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...

CVSS 7.1, AI score 7.1, EPSS 0.00337
Exploits: 2, References: 2, Affected Software: 3