757 matches found
CVE-2023-51532 WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...
CVE-2023-51534 WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
email.leadliaison.com Cross Site Scripting vulnerability OBB-3845767
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
app.leadliaison.com Open Redirect vulnerability OBB-3845762
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Command injection
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings...
Cross site scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-23179 Contact Form & Lead Form Elementor Builder < 1.7.0 - Multiple Admin+ Stored Cross-Site Scripting
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
PT-2024-11522 · WordPress · Contact Form & Lead Form Elementor Builder
Name of the Vulnerable Software and Affected Versions: Contact Form & Lead Form Elementor Builder WordPress plugin versions prior to 1.7.4. Description: The issue is related to the lack of authorisation and nonce checks in the plugin, which could allow any authenticated users, such as subscribers,...
WordPress plugin Contact Form & Lead Form Elementor Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-52119
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18...
CVE-2023-52119
Technical details about CVE-2023-52119, including affected versions, exploit vector, and patch status, are not provided in the supplied documents. Monitor for updates from upstream advisories; current sources only confirm a CSRF vulnerability in Icegram Engage up to v3.1.18.
PT-2024-14416 · WordPress · Icegram Engage
Name of the Vulnerable Software and Affected Versions: Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building versions through 3.1.18. Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on...
CVE-2022-47597
The CVE-2022-47597 entry affects the WordPress plugin Popup Maker (Popup for opt-ins, lead gen, & more) up to version 1.17.1. Multiple sources confirm an information disclosure vulnerability where sensitive data could be exposed to unauthenticated actors. NVD scores it CVSS v3.1 at 7.5 (High) wit...
CVE-2023-48325 WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5...
AWeber < 7.3.10 - Missing Authorization via AJAX actions
Description: The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked by AJAX actions in all versio...
CVE-2023-47757
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects...
Cross site request forgery (CSRF)
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects...
CVE-2023-47757
CVE-2023-47757 affects the AWeber – Free Sign Up Form and Landing Page Builder WordPress plugin. The vulnerability is due to missing authorization and CSRF, enabling access to functionality not properly constrained by ACLs. Affected versions are listed as n/a through 7.3.9; exploitation could all...
CVE-2023-47757 WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects...