WordPress plugin GSheetConnector For Gravity Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

CVE-2024-13377 GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

Malicious code in owc-gravityforms-zaaksysteem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-12019 Malicious code in owc-gravityforms-zaaksysteem (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 673deef983f16eb6d5cd07cd47da2ad7ed5dae42fbbaac79e1ca22c1db7db6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-2438 Malicious code in gravityforms (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-24881

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress,...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress,...

CVE-2024-24881 WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress,...

CVE-2024-24881

CVE-2024-24881 is a Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. Affected versions are n/a through 6.5.2; root cause is improper input neutralization during web page generation, enabling reflected XSS. ...

CVE-2023-6980

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers...

CVE-2023-6980

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers...

CVE-2023-6981

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...

Cross site scripting

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2023-6980

WP SMS – Messaging & SMS Notification for WordPress plugin (WordPress, WooCommerce, GravityForms, etc.) up to version 6.5 is affected by Cross-Site Request Forgery due to missing/incorrect nonce validation on the delete action of the wp-sms-subscribers page. This allows unauthenticated attackers ...

CVE-2023-27447

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4...

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4...

CVE-2023-27447

CVE-2023-27447 affects VeronaLabs WP SMS – Messaging & SMS Notification for WordPress (WordPress WP SMS Plugin) up to version 6.0.4. The issue exposes sensitive information to an unauthenticated actor (information disclosure). Patch availability: fixed in 6.0.4.1; recommended action: update to a ...

Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)

Description The plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. Example using GravityForms to redirect to the login page...

Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)

Description The plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. PoC Example using GravityForms to redirect to the login...

WordPress STARTEND Subscription Add-On for GravityForms Plugin <= 4.0.3 is vulnerable to Cross Site Scripting (XSS)

Software STARTEND Subscription Add-On for GravityForms Type Plugin Vulnerable versions = 4.0.3 Fixed in 4.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc9e3b41e070 Credits...