
685 matches found

Patchstack
added 2022/02/28 12:0 a.m. | 8 views

WordPress Block Styler For Gravity Forms plugin <= 5.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Block Styler For Gravity Forms plugin (versions <= 5.0.0). Solution: No patched version available...

2.6 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 10 views

WordPress Block Styler For Gravity Forms plugin <= 5.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Block Styler For Gravity Forms plugin (versions <= 5.0.0). Solution: No patched version available...

4.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 12 views

WordPress Store Locator Plus® – Gravity Forms Locations plugin < 5.9.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Store Locator Plus® – Gravity Forms Locations plugin (versions < 5.9.1). Solution: Update the WordPress Store Locator Plus® – Gravity Forms Locations plugin to the latest available version (at least 5.9.1)...

3.1 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 11 views

WordPress Modern Designs for Gravity Forms plugin <= 1.1.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Modern Designs for Gravity Forms plugin (versions <= 1.1.3). Solution: No patched version available...

2.6 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 10 views

WordPress Modern Designs for Gravity Forms plugin <= 1.1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Modern Designs for Gravity Forms plugin (versions <= 1.1.3). Solution: No patched version available...

4 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 10 views

WordPress SV Gravity Forms Enhancer plugin <= 1.4.05 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress SV Gravity Forms Enhancer plugin (versions <= 1.4.05). Solution: Update the WordPress SV Gravity Forms Enhancer plugin to the latest available version (at least 1.8.00)...

2.3 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 11 views

WordPress Automizy Gravity Forms plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Automizy Gravity Forms plugin (versions <= 1.0.3). Solution: No patched version available...

4.1 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 12 views

WordPress Store Locator Plus® – Gravity Forms Locations plugin < 5.9.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Store Locator Plus® – Gravity Forms Locations plugin (versions < 5.9.1). Solution: Update the WordPress Store Locator Plus® – Gravity Forms Locations plugin to the latest available version (at least 5.9.1)...

2.2 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 15 views

WordPress Gravity Forms Sticky List plugin <= 1.5.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Gravity Forms Sticky List plugin (versions <= 1.5.2). Solution: No patched version available...

4.1 AI score
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2021/01/20 4:15 a.m. | 5 views

CVE-2020-27852

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

5.4 CVSS | 6 AI score | 0.00607 EPSS
Exploits: 0 | References: 1
OSV
added 2021/01/20 4:15 a.m. | 6 views

CVE-2020-27850

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

4.8 CVSS | 6 AI score | 0.00616 EPSS
Exploits: 0 | References: 1
OSV
added 2021/01/20 4:15 a.m. | 6 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.4 CVSS | 6.3 AI score | 0.00607 EPSS
Exploits: 0 | References: 1
NVD
added 2021/01/20 4:15 a.m. | 15 views

CVE-2020-27850

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

4.8 CVSS | 4.9 AI score | 0.00616 EPSS
Exploits: 0 | References: 1
NVD
added 2021/01/20 4:15 a.m. | 12 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.4 CVSS | 5.9 AI score | 0.00607 EPSS
Exploits: 0 | References: 1
Prion
added 2021/01/20 4:15 a.m. | 20 views

Design/Logic Flaw

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

3.5 CVSS | 5.9 AI score | 0.00607 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2021/01/20 4:15 a.m. | 17 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...

3.5 CVSS | 5.2 AI score | 0.00607 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/01/20 3:14 a.m. | 68 views

CVE-2020-27851

CVE-2020-27851 concerns a vulnerability in a paid add-on for Gravity Forms (before 2.4.21) where stored HTML injection can be triggered through poll or quiz answers. The issue allows remote attackers to inject arbitrary HTML code, which would be interpreted by users with privileged roles (Adminis...

5.4 CVSS | 5.8 AI score | 0.00607 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/01/20 3:14 a.m. | 22 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

5.9 AI score | 0.00607 EPSS
Exploits: 0 | References: 1
CVE
added 2021/01/20 3:11 a.m. | 65 views

CVE-2020-27852

The CVE-2020-27852 entry concerns Gravity Forms, a WordPress plugin, with a stored XSS in the survey feature exploitable via a textarea field before version 2.4.21. Affected: Gravity Forms (plugin) prior to 2.4.21. Root cause: unescaped/incorrect handling of textarea input in the survey feature t...

5.4 CVSS | 5.2 AI score | 0.00607 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/01/20 3:8 a.m. | 72 views

CVE-2020-27850

Gravity Forms (Rocketgenius) stored XSS via the forms import feature, affecting versions prior to 2.4.21. The vulnerability allows an attacker to inject arbitrary script/HTML that is then interpreted by users with privileged roles (Administrator, Editor, etc.). Root cause is improper handling of ...

4.8 CVSS | 4.8 AI score | 0.00616 EPSS
Exploits: 0 | References: 1 | Affected Software: 1