Lucene search
K

177 matches found

Vulnrichment
Vulnrichment
added 2024/08/20 3:21 a.m.12 views

CVE-2024-7775 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...

5.5CVSS6.8AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/20 3:21 a.m.33 views

CVE-2024-7777 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...

9CVSS0.01025EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/07/03 6:23 a.m.4 views

WordPress Contact Form 7 Multi-Step Addon plugin <= 1.0.5 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Contact Form 7 Multi-Step Addon versions = 1.0.5...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/03 12:0 a.m.8 views

WordPress Contact Form 7 Multi-Step Addon Plugin <= 1.0.5 is vulnerable to Backdoor

Software Contact Form 7 Multi-Step Addon Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8aae8a0dc1cb Credits Sansec.io Required privilege Unauthenticated...

7.2AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/06/25 6:27 a.m.2 views

WordPress Contact Form 7 Multi-Step Addon plugin 1.0.4 to 1.0.5 - Injected Backdoor vulnerability

Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin Contact Form 7 Multi-Step Addon versions 1.0.4-1.0.5...

10CVSS7AI score0.01011EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2024/06/25 3:32 a.m.24 views

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...

7.2AI score
Exploits0
Patchstack
Patchstack
added 2024/06/25 12:0 a.m.7 views

WordPress Contact Form 7 Multi-Step Addon Plugin 1.0.4-1.0.5 is vulnerable to Backdoor

Software Contact Form 7 Multi-Step Addon Type Plugin Vulnerable versions 1.0.4-1.0.5 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Backdoor CVE CVE-2024-6297 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 210ed7e4774a Credits WordFence Required privilege...

10CVSS7.2AI score0.01011EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/02/21 7:15 a.m.22 views

CVE-2024-25905

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18...

5.4CVSS5.5AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2024/02/21 7:15 a.m.4 views

CVE-2024-25905

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18...

5.4CVSS7.3AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 6:47 a.m.19 views

CVE-2024-25905 WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18...

5.4CVSS7AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2024/02/21 6:47 a.m.84 views

CVE-2024-25905

CVE-2024-25905 is a CSRF vulnerability in Mondula GmbH Multi Step Form for WordPress, affecting versions 1.7.18 and earlier. The attached documents identify the flaw as Cross-Site Request Forgery (CSRF) in Multi Step Form, with Patchstack noting the fix in 1.7.19. Public references indicate the i...

5.4CVSS6.7AI score0.00186EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/21 6:47 a.m.27 views

CVE-2024-25905 WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18...

5.4CVSS5.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

WordPress Plugin Multi Step Form Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. A cross-site request forgery...

5.4CVSS6.7AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.8 views

PT-2024-21196 · Mondula Gmbh · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.18 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

5.4CVSS9.3AI score0.00186EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.19 views

Multi Step Form < 1.7.19 - Form Deletion via CSRF

Description The plugin does not have CSRF check when deleting forms in via a bulk action, which could allow attackers to make logged in admins delete arbitrary forms via a CSRF attack...

5.8CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/12 12:0 a.m.13 views

WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.19 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-25905 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c40d82e8e1e2 Credits Benmalek Aymen...

5.4CVSS6.6AI score0.00186EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/12/21 6:15 p.m.10 views

CVE-2023-50832

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

5.9CVSS0.00402EPSS
Exploits1References1
Prion
Prion
added 2023/12/21 6:15 p.m.17 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

4.3CVSS6.9AI score0.00402EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/12/21 5:23 p.m.73 views

CVE-2023-50832

CVE-2023-50832 affects Mondula Multi Step Form (WordPress plugin) with Stored XSS due to improper neutralization during web page generation. Affected versions: Multi Step Form

5.9CVSS6.5AI score0.00402EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/12/21 5:23 p.m.28 views

CVE-2023-50832 WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

5.9CVSS5.9AI score0.00402EPSS
Exploits1References1
Rows per page
Query Builder