685 matches found

Prion
added 2022/10/10 9:15 p.m., 19 views

Cross-site request forgery (CSRF)

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...

CVSS 5.8 | AI score 6.8 | EPSS 0.00337
Exploits: 2 | References: 1 | Affected Software: 3

CNNVD
added 2022/10/10 12:0 a.m., 4 views

WordPress plugin Woo Billingo Plus cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Woo Billingo Plus version 4.4.5.4 or earlier, Integration for Billingo & Gravity Forms...

CVSS 7.1 | AI score 6.7 | EPSS 0.00337
Exploits: 2 | References: 2

CVE
added 2022/10/10 12:0 a.m., 59 views

CVE-2022-3154

CVE-2022-3154 affects multiple WordPress plugins related to Billingo integration: Woo Billingo Plus (pre-4.4.5.4), Integration for Billingo & Gravity Forms (pre-1.0.4), and Integration for Szamlazz.hu & Gravity Forms (pre-1.2.7). The root cause is lack of CSRF checks in various AJAX actions, enab...

CVSS 7.1 | AI score 7 | EPSS 0.00337
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/09/14 12:0 a.m., 19 views

WordPress Integration for Szamlazz.hu & Gravity Forms plugin <= 1.2.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in WordPress Integration for Szamlazz.hu & Gravity Forms plugin versions <= 1.2.6. Solution: Update the WordPress Integration for Szamlazz.hu & Gravity Forms plugin to the latest available version (at least 1.2.7)...

CVSS 7.1 | AI score 3.5 | EPSS 0.00337
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2022/09/14 12:0 a.m., 14 views

WordPress Integration for Billingo & Gravity Forms plugin <= 1.0.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Lana Code in the WordPress Integration for Billingo & Gravity Forms plugin versions <= 1.0.3. Solution: Update the WordPress Integration for Billingo & Gravity Forms plugin to the latest available version (at least 1.0.4)...

CVSS 7.1 | AI score 3.4 | EPSS 0.00337
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2022/05/24 5:39 p.m., 24 views

GHSA-FCJ2-RXQC-294C Gravity Forms stored HTML injection vulnerability

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

CVSS 5.4 | AI score 5.9 | EPSS 0.00607
Exploits: 0 | References: 3

OSV
added 2022/05/24 5:39 p.m., 19 views

GHSA-WMH7-782F-XFW5 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

CVSS 4.8 | AI score 4.9 | EPSS 0.00616
Exploits: 0 | References: 3

OSV
added 2022/05/24 5:39 p.m., 12 views

GHSA-PJV5-V9GV-3679 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

CVSS 5.4 | AI score 5.2 | EPSS 0.00607
Exploits: 0 | References: 3

GitHub Security Blog
added 2022/05/24 5:39 p.m., 19 views

Gravity Forms stored HTML injection vulnerability

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

CVSS 5.4 | AI score 7.4 | EPSS 0.00607
Exploits: 0 | References: 3 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:39 p.m., 19 views

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

CVSS 5.4 | AI score 5.5 | EPSS 0.00607
Exploits: 0 | References: 3 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:39 p.m., 40 views

Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

CVSS 4.8 | AI score 5.6 | EPSS 0.00616
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/24 5:18 p.m., 10 views

GHSA-M983-Q76G-CWPQ Gravity Forms plugin leak hashed passwords

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...

CVSS 7.5 | AI score 7.4 | EPSS 0.0183
Exploits: 0 | References: 4

GitHub Security Blog
added 2022/05/24 5:18 p.m., 30 views

Gravity Forms plugin leak hashed passwords

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...

CVSS 7.5 | AI score 7.2 | EPSS 0.0183
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 13 views

WordPress WP Tools Gravity Forms Divi Module plugin <= 6.6.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Gravity Forms Divi Module plugin versions <= 6.6.2. Solution: Update the WordPress WP Tools Gravity Forms Divi Module plugin to the latest available version (at least 6.6.3)...

AI score 2.4
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 15 views

WordPress WP Tools Gravity Forms Divi Module plugin <= 6.6.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Tools Gravity Forms Divi Module plugin versions <= 6.6.2. Solution: Update the WordPress WP Tools Gravity Forms Divi Module plugin to the latest available version (at least 6.6.3)...

AI score 2.8
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 12 views

WordPress Multi Page Auto Advance for Gravity Forms plugin <= 4.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Multi Page Auto Advance for Gravity Forms plugin versions <= 4.2. Solution: Update the WordPress Multi Page Auto Advance for Gravity Forms plugin to the latest available version (at least 4.3)...

AI score 4
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 13 views

WordPress Gravity Forms Sticky List plugin <= 1.5.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Gravity Forms Sticky List plugin versions <= 1.5.2. Solution: No patched version available...

AI score 2.5
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 9 views

WordPress SV Gravity Forms Enhancer plugin <= 1.4.05 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress SV Gravity Forms Enhancer plugin versions <= 1.4.05. Solution: Update the WordPress SV Gravity Forms Enhancer plugin to the latest available version (at least 1.8.00)...

AI score 3.5
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 6 views

WordPress Multi Page Auto Advance for Gravity Forms plugin <= 4.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Multi Page Auto Advance for Gravity Forms plugin versions <= 4.2. Solution: Update the WordPress Multi Page Auto Advance for Gravity Forms plugin to the latest available version (at least 4.3)...

AI score 2.9
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m., 8 views

WordPress Automizy Gravity Forms plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Automizy Gravity Forms plugin versions <= 1.0.3. Solution: No patched version available...

AI score 2.8
Exploits: 0 | References: 2 | Affected Software: 1