EUVD-2014-4463

Malware in sbrugna...

WordPress Infusionsoft Gravity Forms Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Infusionsoft Gravity Forms is a plug-in that automatically sends form submissions to the Infusionsoft CRM system. A cross-site scriptin...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...

CVE-2014-4536

Infusionsoft Gravity Forms Add-on for WordPress is affected by CVE-2014-4536: multiple XSS vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php, exploitable via the go, contactId, or campaignId parameters in versions before 1.5.6. The nuclei template and WPVulnDB entry corrobora...

WordPress Infusionsoft Gravity Forms Add-on Arbitrary File Upload Vulnerability

WordPress Infusionsoft Gravity Forms Add-on is prone to remote file upload vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...