685 matches found
CVE-2017-18495
The connected records confirm CVE-2017-18495 affects the Gravity Forms SMS Notifications plugin for WordPress, with a cross-site scripting (XSS) vulnerability in versions prior to 2.4.0. The issue arises from insufficient validation of client-side data, enabling an attacker to execute client-side...
WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery
Exploit Title : WordPress Inkblot Themes 4.9.10 Cross Site Request Forgery Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 22/05/2019 Vendor Homepage : wordpress.org - gravityforms.com Software Download Link : github.com/mgsisk/inkblot/archive/master.zip Softwar...
WordPress Gravity Forms File Upload
File upload vulnerability in WordPress Gravity Forms plugin upload.php. Vulnerability Type: File Upload. For the exploit source code contact DSquare Security sales team...
WordPress Gravity Forms – Clockwork SMS plugin <=2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found by Elias Dimopoulos in WordPress Gravity Forms – Clockwork SMS plugin versions <=2.2. Solution: Update the WordPress Gravity Forms – Clockwork SMS plugin to the latest available version (at least 2.4.0)...
Unrestricted file upload
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
Gravity Forms <= 2.0.6.5 - Authenticated Blind Cross-Site Scripting (XSS)
A blind XSS vulnerability exists in the GravityForms plugin prior to version 2.0.7, in the select option dropdown boxes on forms. If the select column is displayed on the gfentries page when viewed in the Dashboard, the code is executed by the admin / viewer of the submissions. This vulnerability...
WordPress Gravity Forms Plugin <= 2.0.6.5 - XSS
This plugin is prone to a cross-site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload
WordPress Gravity Forms plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Upgrade the plugin...
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...
WordPress Gravity Forms 1.8.19 Shell Upload
&formid=1&name=khan.php5&gformuniqueid=../../../../&fieldid=3'; curlsetopt$ch, CURLOPTRETURNTRANSFER, true; $response = curlexec$ch; curlclose$ch; if eregi'ok', $response echo "$separator\nShell at $shell\n$separator\n\n"; while $testCom != 'bubye!' $user =...
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator = '-------------------------------------------------------------------'; $ch = curlinit$url; curlsetopt$ch,...
WordPress Gravity Forms 1.8.19 Plugin - Arbitrary File Upload
Exploit for php platform in category web applications an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...
WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.11 - XSS
This plugin is prone to a cross-site scripting vulnerability. Solution: Upgrade the plugin...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId="alert1;"...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. PoC: http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=""...
WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS
Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Solution: Update the plugin...
WordPress Aviary Image Editor Add On For Gravity Forms Plugin 3.0 /includes/upload.php File Upload
No description provided by source...
WordPress Aviary Image Editor Add-on For Gravity Forms Plugin Arbitrary File Upload Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. Aviary Image Editor Add-on For Gravity Forms is a plug-in for Gravity Forms forms that integrates the Adobe Creative SDK Photo/Image Editor add-on for Gravity Forms. An...
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...