685 matches found
WordPress Block Styler For Gravity Forms plugin <= 5.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Block Styler For Gravity Forms plugin versions = 5.0.0. Solution No patched version available...
WordPress Block Styler For Gravity Forms plugin <= 5.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Block Styler For Gravity Forms plugin versions = 5.0.0. Solution No patched version available...
WordPress Store Locator Plus® – Gravity Forms Locations plugin < 5.9.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Store Locator Plus® – Gravity Forms Locations plugin versions 5.9.1. Solution Update the WordPress Store Locator Plus® – Gravity Forms Locations plugin to the latest available version at least 5.9.1...
WordPress Modern Designs for Gravity Forms plugin <= 1.1.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Modern Designs for Gravity Forms plugin versions = 1.1.3. Solution No patched version available...
WordPress Modern Designs for Gravity Forms plugin <= 1.1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Modern Designs for Gravity Forms plugin versions = 1.1.3. Solution No patched version available...
WordPress SV Gravity Forms Enhancer plugin <= 1.4.05 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SV Gravity Forms Enhancer plugin versions = 1.4.05. Solution Update the WordPress SV Gravity Forms Enhancer plugin to the latest available version at least 1.8.00...
WordPress Automizy Gravity Forms plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Automizy Gravity Forms plugin versions = 1.0.3. Solution No patched version available...
WordPress Store Locator Plus® – Gravity Forms Locations plugin < 5.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Store Locator Plus® – Gravity Forms Locations plugin versions 5.9.1. Solution Update the WordPress Store Locator Plus® – Gravity Forms Locations plugin to the latest available version at least 5.9.1...
WordPress Gravity Forms Sticky List plugin <= 1.5.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Gravity Forms Sticky List plugin versions = 1.5.2. Solution No patched version available...
CVE-2020-27852
A stored Cross-Site Scripting XSS vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-27850
A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
CVE-2020-27850
A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
Design/Logic Flaw
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
Cross site scripting
A stored Cross-Site Scripting XSS vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-27851
CVE-2020-27851 concerns a vulnerability in a paid add-on for Gravity Forms (before 2.4.21) where stored HTML injection can be triggered through poll or quiz answers. The issue allows remote attackers to inject arbitrary HTML code, which would be interpreted by users with privileged roles (Adminis...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
CVE-2020-27852
The CVE-2020-27852 entry concerns Gravity Forms, a WordPress plugin, with a stored XSS in the survey feature exploitable via a textarea field before version 2.4.21. Affected: Gravity Forms (plugin) prior to 2.4.21. Root cause: unescaped/incorrect handling of textarea input in the survey feature t...
CVE-2020-27850
Gravity Forms (Rocketgenius) stored XSS via the forms import feature, affecting versions prior to 2.4.21. The vulnerability allows an attacker to inject arbitrary script/HTML that is then interpreted by users with privileged roles (Administrator, Editor, etc.). Root cause is improper handling of ...