Lucene search
+L

178 matches found

NVD
NVD
added 2024/10/29 10:15 p.m.15 views

CVE-2024-50428

Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...

9.8CVSS0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/29 9:10 p.m.18 views

CVE-2024-50428 WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...

4.3CVSS5.9AI score0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/29 9:10 p.m.22 views

CVE-2024-50428 WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...

4.3CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2024/10/29 9:10 p.m.59 views

CVE-2024-50428

CVE-2024-50428 describes a Missing Authorization vulnerability in the Mondula GmbH Multi Step Form WordPress plugin (versions

9.8CVSS5.9AI score0.00322EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.8 views

PT-2024-34202 · Mondula Gmbh · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.21 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...

9.8CVSS6.8AI score0.00322EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.4 views

WordPress plugin Multi Step Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

9.8CVSS6.6AI score0.00322EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/24 9:17 a.m.6 views

WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Multi Step Form versions = 1.7.21...

9.8CVSS7AI score0.00322EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.12 views

WordPress Multi Step Form Plugin <= 1.7.21 is vulnerable to Broken Access Control

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.21 Fixed in 1.7.22 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50428 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 836c6987cc2b Credits Muhamad Agil Fachrian...

9.8CVSS6.5AI score0.00322EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/11 7:15 p.m.5 views

CVE-2024-47331

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7...

9.8CVSS5.8AI score0.006EPSS
Exploits0References1
NVD
NVD
added 2024/10/11 7:15 p.m.21 views

CVE-2024-47331

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through = 2.7.7...

9.8CVSS0.006EPSS
Exploits0References1
CVE
CVE
added 2024/10/11 6:20 p.m.63 views

CVE-2024-47331

CVE-2024-47331 — Unauthenticated SQL Injection in WordPress plugin “Multi Step for Contact Form” (NinjaTeam) affecting versions

9.8CVSS5.9AI score0.006EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/11 6:20 p.m.34 views

CVE-2024-47331 WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through = 2.7.7...

9.3CVSS0.006EPSS
Exploits0References1
CVE
CVE
added 2024/10/11 7:37 a.m.52 views

CVE-2024-9507

CVE-2024-9507 concerns the WordPress plugin Bit Form (Contact Form by Bit Form) up to version 2.15.2. The issue arises from improper input validation in the iconUpload function, enabling authenticated attackers with Administrator-level access and above to perform a PHP filter chain attack and rea...

4.9CVSS5.3AI score0.00526EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/11 7:37 a.m.8 views

CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This...

4.9CVSS6.6AI score0.00526EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.5 views

WordPress plugin Multi Step for Contact Form SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...

9.8CVSS7.8AI score0.006EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.7 views

PT-2024-32545 · Ninja Team · Ninjateam Multi Step For Contact Form

Name of the Vulnerable Software and Affected Versions: NinjaTeam Multi Step for Contact Form versions n/a through 2.7.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...

9.8CVSS8AI score0.006EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/09/26 3:33 a.m.8 views

WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Hakiduck in WordPress Plugin Multi Step for Contact Form versions = 2.7.7...

9.8CVSS8.1AI score0.006EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/09/26 12:0 a.m.17 views

WordPress Multi Step for Contact Form Plugin <= 2.7.7 is vulnerable to SQL Injection

Software Multi Step for Contact Form Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47331 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a27c5e08d690 Credits Hakiduck Required privilege...

9.8CVSS6.8AI score0.006EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/29 3:30 a.m.35 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS0.00317EPSS
Exploits0References2
CVE
CVE
added 2024/08/29 3:30 a.m.59 views

CVE-2024-5857

CVE-2024-5857 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). A missing capability check on the af2_handel_file_remove AJAX action in all versions up to 3.7.3.2 allows unauthenticated attackers to delete arbitrary media files. C...

5.3CVSS5.6AI score0.00317EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder