Lucene search
K

685 matches found

CVE
CVE
added 2019/08/13 4:40 p.m.56 views

CVE-2017-18495

The connected records confirm CVE-2017-18495 affects the Gravity Forms SMS Notifications plugin for WordPress, with a cross-site scripting (XSS) vulnerability in versions prior to 2.4.0. The issue arises from insufficient validation of client-side data, enabling an attacker to execute client-side...

6.1CVSS6.4AI score0.00915EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2019/05/22 12:0 a.m.173 views

WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery

Exploit Title : WordPress Inkblot Themes 4.9.10 Cross Site Request Forgery Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 22/05/2019 Vendor Homepage : wordpress.org - gravityforms.com Software Download Link : github.com/mgsisk/inkblot/archive/master.zip Softwar...

7.4AI score
Exploits0
Dsquare
Dsquare
added 2018/01/11 12:0 a.m.178 views

WordPress Gravity Forms File Upload

File upload vulnerability in WordPress Gravity Forms plugin upload.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2017/12/20 12:0 a.m.18 views

WordPress Gravity Forms – Clockwork SMS plugin <=2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Gravity Forms – Clockwork SMS plugin versions =2.2. Solution Update the WordPress Gravity Forms – Clockwork SMS plugin to the latest available version at least 2.4.0...

2.6AI score
Exploits0References1Affected Software1
Prion
Prion
added 2017/05/23 4:29 a.m.21 views

Unrestricted file upload

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

7.5CVSS8.3AI score0.41478EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2017/05/23 3:56 a.m.27 views

CVE-2015-4455

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

9.8AI score0.41478EPSS
Exploits3References2
WPVulnDB
WPVulnDB
added 2016/10/13 12:0 a.m.9 views

Gravity Forms <= 2.0.6.5 - Authenticated Blind Cross-Site Scripting (XSS)

A blind XSS vulnerability exists in the GravityForms plugin prior to version 2.0.7, in the select option dropdown boxes on forms. If the select column is displayed on the gfentries page when viewed in the Dashboard, the code is executed by the admin / viewer of the submissions. This vulnerability...

2.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/10/13 12:0 a.m.23 views

WordPress Gravity Forms Plugin <= 2.0.6.5 - XSS

This plugin is prone to a cross site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/06/17 12:0 a.m.8 views

WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload

WordPress Gravity Forms plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the plugin...

3.9AI score
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2016/06/17 12:0 a.m.11 views

WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload

WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2016/06/17 12:0 a.m.29 views

WordPress Gravity Forms 1.8.19 Shell Upload

&formid=1&name=khan.php5&gformuniqueid=../../../../&fieldid=3'; curlsetopt$ch, CURLOPTRETURNTRANSFER, true; $response = curlexec$ch; curlclose$ch; if eregi'ok', $response echo "$separator\nShell at $shell\n$separator\n\n"; while $testCom != 'bubye!' $user =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/06/17 12:0 a.m.47 views

WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload

an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator = '-------------------------------------------------------------------'; $ch = curlinit$url; curlsetopt$ch,...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/06/17 12:0 a.m.30 views

WordPress Gravity Forms 1.8.19 Plugin - Arbitrary File Upload

Exploit for php platform in category web applications an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2016/04/12 12:0 a.m.21 views

WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.11 - XSS

This plugin is prone to a cross site scripting vulnerability. Solution Upgrade the plugin...

6.1CVSS1.3AI score0.04195EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2016/04/12 12:0 a.m.18 views

Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId="alert1;"...

4.3CVSS0.9AI score0.04195EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2016/04/12 12:0 a.m.15 views

Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=""...

4.3CVSS0.3AI score0.04195EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2016/03/01 12:0 a.m.14 views

WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS

Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2015/09/07 12:0 a.m.22 views

WordPress Aviary Image Editor Add On For Gravity Forms Plugin 3.0 /includes/upload.php File Upload

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/06/24 12:0 a.m.9 views

WordPress Aviary Image Editor Add-on For Gravity Forms Plugin Arbitrary File Upload Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.Aviary Image Editor Add-on For Gravity Forms is a plug-in for Gravity Forms forms that integrates the Adobe Creative SDK Photo/Image Editor add-on for Gravity Forms. An...

9.8CVSS7.8AI score0.41478EPSS
Exploits3References1
exploitpack
exploitpack
added 2015/06/12 12:0 a.m.29 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...

0.8AI score
Exploits0
Rows per page
Query Builder