178 matches found
CVE-2024-50428
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...
CVE-2024-50428 WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...
CVE-2024-50428 WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...
CVE-2024-50428
CVE-2024-50428 describes a Missing Authorization vulnerability in the Mondula GmbH Multi Step Form WordPress plugin (versions
PT-2024-34202 · Mondula Gmbh · Multi Step Form
Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.21 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
WordPress plugin Multi Step Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin Multi Step Form versions = 1.7.21...
WordPress Multi Step Form Plugin <= 1.7.21 is vulnerable to Broken Access Control
Software Multi Step Form Type Plugin Vulnerable versions = 1.7.21 Fixed in 1.7.22 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50428 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 836c6987cc2b Credits Muhamad Agil Fachrian...
CVE-2024-47331
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7...
CVE-2024-47331
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through = 2.7.7...
CVE-2024-47331
CVE-2024-47331 — Unauthenticated SQL Injection in WordPress plugin “Multi Step for Contact Form” (NinjaTeam) affecting versions
CVE-2024-47331 WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through = 2.7.7...
CVE-2024-9507
CVE-2024-9507 concerns the WordPress plugin Bit Form (Contact Form by Bit Form) up to version 2.15.2. The issue arises from improper input validation in the iconUpload function, enabling authenticated attackers with Administrator-level access and above to perform a PHP filter chain attack and rea...
CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This...
WordPress plugin Multi Step for Contact Form SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...
PT-2024-32545 · Ninja Team · Ninjateam Multi Step For Contact Form
Name of the Vulnerable Software and Affected Versions: NinjaTeam Multi Step for Contact Form versions n/a through 2.7.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Hakiduck in WordPress Plugin Multi Step for Contact Form versions = 2.7.7...
WordPress Multi Step for Contact Form Plugin <= 2.7.7 is vulnerable to SQL Injection
Software Multi Step for Contact Form Type Plugin Vulnerable versions = 2.7.7 Fixed in 2.7.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-47331 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID a27c5e08d690 Credits Hakiduck Required privilege...
CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...
CVE-2024-5857
CVE-2024-5857 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). A missing capability check on the af2_handel_file_remove AJAX action in all versions up to 3.7.3.2 allows unauthenticated attackers to delete arbitrary media files. C...