177 matches found
WordPress plugin Multi Step Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-31663 · Mondula Gmbh · Multi Step Form
Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.13 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations...
WordPress Multi Step Form Plugin <= 1.7.16 is vulnerable to Cross Site Scripting (XSS)
Software Multi Step Form Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50832 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5debd5a6baa3 Credits Benmalek Aymen centaurus Required...
CVE-2023-5990
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...
WordPress plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Interactive Contact Fo...
Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF
Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
CVE-2023-47758
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
CVE-2023-47758 WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
CVE-2023-47758
The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and
PT-2023-30591 · Mondula Gmbh · Multi Step Form
Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form plugin versions prior to 1.7.12 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
WordPress Plugin Multi Step Form Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Multi Step Form Plugin <= 1.7.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software Multi Step Form Type Plugin Vulnerable versions = 1.7.12 Fixed in 1.7.13 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47758 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cf47dd5c9cf5 Credits thiennv Required...
CVE-2023-4950
The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
WordPress Contact Form 7 Multi-Step Forms Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 Multi-Step Forms Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4442b3e885b0 Credits Rafie Muhammad...
WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PS...
Cross site scripting
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
Sentry CORS misconfiguration
Impact The Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry installation. This only affects installations that have system.base-hostname option explicitly set, as it is empty by...
CVE-2023-36829 Sentry CORS misconfiguration vulnerability
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
eXtplorer 2.1.14 Authentication Bypass / Remote Code Execution
Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...