685 matches found
Cross-site request forgery (CSRF)
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...
WordPress plugin Woo Billingo Plus cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Woo Billingo Plus version 4.4.5.4 or earlier, Integration for Billingo & Gravity Forms...
CVE-2022-3154
CVE-2022-3154 affects multiple WordPress plugins related to Billingo integration: Woo Billingo Plus (pre-4.4.5.4), Integration for Billingo & Gravity Forms (pre-1.0.4), and Integration for Szamlazz.hu & Gravity Forms (pre-1.2.7). The root cause is lack of CSRF checks in various AJAX actions, enab...
WordPress Integration for Szamlazz.hu & Gravity Forms plugin <= 1.2.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in WordPress Integration for Szamlazz.hu & Gravity Forms plugin versions <= 1.2.6. Solution: Update the WordPress Integration for Szamlazz.hu & Gravity Forms plugin to the latest available version (at least 1.2.7)...
WordPress Integration for Billingo & Gravity Forms plugin <= 1.0.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in the WordPress Integration for Billingo & Gravity Forms plugin versions <= 1.0.3. Solution: Update the WordPress Integration for Billingo & Gravity Forms plugin to the latest available version (at least 1.0.4)...
GHSA-FCJ2-RXQC-294C Gravity Forms stored HTML injection vulnerability
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
GHSA-WMH7-782F-XFW5 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
GHSA-PJV5-V9GV-3679 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
Gravity Forms stored HTML injection vulnerability
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
GHSA-M983-Q76G-CWPQ Gravity Forms plugin leak hashed passwords
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...
Gravity Forms plugin leak hashed passwords
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...
WordPress WP Tools Gravity Forms Divi Module plugin <= 6.6.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Gravity Forms Divi Module plugin versions <= 6.6.2. Solution: Update the WordPress WP Tools Gravity Forms Divi Module plugin to the latest available version (at least 6.6.3)...
WordPress WP Tools Gravity Forms Divi Module plugin <= 6.6.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Tools Gravity Forms Divi Module plugin versions <= 6.6.2. Solution: Update the WordPress WP Tools Gravity Forms Divi Module plugin to the latest available version (at least 6.6.3)...
WordPress Multi Page Auto Advance for Gravity Forms plugin <= 4.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Multi Page Auto Advance for Gravity Forms plugin versions <= 4.2. Solution: Update the WordPress Multi Page Auto Advance for Gravity Forms plugin to the latest available version (at least 4.3)...
WordPress Gravity Forms Sticky List plugin <= 1.5.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Gravity Forms Sticky List plugin versions <= 1.5.2. Solution: No patched version available...
WordPress SV Gravity Forms Enhancer plugin <= 1.4.05 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress SV Gravity Forms Enhancer plugin versions <= 1.4.05. Solution: Update the WordPress SV Gravity Forms Enhancer plugin to the latest available version (at least 1.8.00)...
WordPress Multi Page Auto Advance for Gravity Forms plugin <= 4.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Multi Page Auto Advance for Gravity Forms plugin versions <= 4.2. Solution: Update the WordPress Multi Page Auto Advance for Gravity Forms plugin to the latest available version (at least 4.3)...
WordPress Automizy Gravity Forms plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Automizy Gravity Forms plugin versions <= 1.0.3. Solution: No patched version available...