758 matches found
CVE-2024-1415
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...
CVE-2024-1415 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...
CVE-2024-1415
CVE-2024-1415 affects the WordPress plugin Responsive Contact Form Builder & Lead Generation (lead-form-builder) up to version 1.8.9. Root cause: missing/incorrect nonce validation enables CSRF, allowing unauthenticated users to trigger actions (form deletion, lead signup, file upload) by trickin...
PT-2024-18026 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions prior to 1.8.9. Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it...
CVE-2024-32368
Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 1.8.9...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.8.9 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Duc Manh in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 1.8.9...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Broken Access Control
Software: Contact Form & Lead Form Elementor Builder; Type: Plugin; Vulnerable versions: <= 1.8.9; Fixed in: 1.9.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1416; Patch priority: Low; CVSS severity: Low 4.3; PSID: 77bb7d4469de; Credits: Duc...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.8.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form & Lead Form Elementor Builder; Type: Plugin; Vulnerable versions: <= 1.8.9; Fixed in: 1.9.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1415; Patch priority: Low; CVSS severity: Low 4.3; PSID: d325c43fa35f...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). To replicate this vulnerability, follo...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization
Description: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery
Description: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...
Spring Boot Testjars founder Rob Winch
Hi, Spring fans! In this week's installment we talk to Rob Winch, lead of Spring Security and founder of the exciting new project Spring Boot Testjars...
CVE-2024-0368
The Hustle plugin for WordPress (wordpress-popup) versions up to and including 7.8.3 contains hardcoded HubSpot credentials in inc/providers/hubspot/hustle-hubspot-api.php (CLIENT_ID, CLIENT_SECRET, HAPIKEY). This root cause enables exposure of HubSpot API keys and potential access to PII via Hub...
PT-2024-18311 · WordPress · Aweber – Free Sign Up Form/Landing Page Builder Plugin For Lead Generation/Email Newsletter Growth
Name of the Vulnerable Software and Affected Versions: AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress versions up to, and including, 7.3.14. Description: The issue allows authenticated attackers with administrator-lev...
CVE-2023-51534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
CVE-2023-51532
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...