Gravity Forms < 2.7.5 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin. Make a logged in admin open the following URL:...
The vulnerability of the maybe_unserialize() function in the Gravity Forms plugin for WordPress content management system allows a hacker to gain access to read, modify, or delete files, or execute arbitrary code.
The vulnerability of the maybe_unserialize function in the Gravity Forms plugin of the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files, or execute...
CVE-2015-10117
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
CVE-2015-10117
The CVE-2015-10117 entry concerns Gravity Forms DPS PxPay Plugin for WordPress, affected in versions up to 1.4.2. The vulnerability is a cross-site scripting flaw due to an unknown function, enabling remote execution of an attack. Remediation is upgrading to version 1.4.3, with patch identifier 5...
CVE-2015-10117 Gravity Forms DPS PxPay Plugin cross site scripting
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...
PT-2023-10295 · WordPress · Gravity Forms Dps Pxpay Plugin
Name of the Vulnerable Software and Affected Versions: Gravity Forms DPS PxPay Plugin versions up to 1.4.2 Description: A problematic issue was found in the Gravity Forms DPS PxPay Plugin, affecting an unknown function. This issue leads to cross-site scripting and can be launched remotely...
WordPress Plugin Gravity Forms DPS PxPay Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Gravity Forms Google Sheet Connector Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Gravity Forms Google Sheet Connector; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2326; Patch priority: Low; CVSS severity: Low (5.4); PSID: 85099be455b9; Credits...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in Novembe...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection
Software: Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.7.3; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-28782; Patch priority: High; CVSS severity: High (8.3); PSID: 97930c86f0b1; Credits: Rafie Muhammad (Patchstack); Required privile...
CVE-2023-2706
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
Authentication flaw
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
CVE-2023-2706
CVE-2023-2706 concerns the OTP Login Woocommerce & Gravity Forms plugin for WordPress. The vulnerability is an authentication bypass where OTP codes generated for login via phone numbers are returned in an AJAX response, enabling unauthenticated attackers to obtain administrator login codes if th...
WordPress plugin OTP Login Woocommerce & Gravity Forms Authorization Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress OTP Login Woocommerce & Gravity Forms Plugin <= 2.2 is vulnerable to Privilege Escalation
Software: OTP Login Woocommerce & Gravity Forms; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: 2.3; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-2706; Patch priority: Low; CVSS severity: Low 8.1; PSID: cdf1600db409; Credits: István Márton...
PT-2023-3011 · WordPress · Gravity Forms
Name of the Vulnerable Software and Affected Versions: Gravity Forms versions n/a through 2.7.3 Description: The issue is related to the deserialization of untrusted data in Gravity Forms, which can be exploited by a remote attacker to gain read, modify, or delete access to files or execute...
WordPress Woo Billingo Plus and Integration for Billingo & Gravity Forms Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Woo Billingo Plus version 4.4.5.4 or earlier, Integration for Billingo & Gravity Forms...
CVE-2022-3154
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...