Lucene search
K

177 matches found

CNNVD
CNNVD
added 2023/12/21 12:0 a.m.3 views

WordPress plugin Multi Step Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.1AI score0.00402EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.6 views

PT-2023-31663 · Mondula Gmbh · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form versions 1.7.13 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations...

5.9CVSS5.6AI score0.00402EPSS
Exploits1References4
Patchstack
Patchstack
added 2023/12/19 12:0 a.m.11 views

WordPress Multi Step Form Plugin <= 1.7.16 is vulnerable to Cross Site Scripting (XSS)

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.16 Fixed in 1.7.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50832 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5debd5a6baa3 Credits Benmalek Aymen centaurus Required...

5.9CVSS6.6AI score0.00402EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/12/04 10:15 p.m.4 views

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

6.5CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.5 views

WordPress plugin Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. The WordPress plugin Interactive Contact Fo...

6.5CVSS6.5AI score0.0027EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF

Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

8.8CVSS6.9AI score0.00264EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/11/22 6:15 p.m.21 views

CVE-2023-47758

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

8.8CVSS0.00264EPSS
Exploits0References1
Prion
Prion
added 2023/11/22 6:15 p.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

6.8CVSS7.3AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/22 6:9 p.m.26 views

CVE-2023-47758 WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

5.4CVSS9AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 6:9 p.m.44 views

CVE-2023-47758

The CVE-2023-47758 entry concerns Mondula GmbH’s WordPress Multi Step Form plugin. Affected versions are prior to 1.7.12 (per PT Security) and

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.6 views

PT-2023-30591 · Mondula Gmbh · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Mondula GmbH Multi Step Form plugin versions prior to 1.7.12 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...

8.8CVSS8.5AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.4 views

WordPress Plugin Multi Step Form Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.5AI score0.00264EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/11/13 12:0 a.m.11 views

WordPress Multi Step Form Plugin <= 1.7.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software Multi Step Form Type Plugin Vulnerable versions = 1.7.12 Fixed in 1.7.13 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47758 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cf47dd5c9cf5 Credits thiennv Required...

8.8CVSS6.7AI score0.00264EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/10/16 8:15 p.m.26 views

CVE-2023-4950

The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

6.1CVSS6AI score0.0047EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.10 views

WordPress Contact Form 7 Multi-Step Forms Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Multi-Step Forms Type Plugin Vulnerable versions 4.3.1 Fixed in 4.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4442b3e885b0 Credits Rafie Muhammad...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.6 views

WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PS...

6.3AI score0.00284EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/06 11:15 p.m.22 views

Cross site scripting

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

5.8CVSS5.3AI score0.00666EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 10:55 p.m.35 views

Sentry CORS misconfiguration

Impact The Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry installation. This only affects installations that have system.base-hostname option explicitly set, as it is empty by...

6.8CVSS6.6AI score0.00666EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/07/06 10:8 p.m.31 views

CVE-2023-36829 Sentry CORS misconfiguration vulnerability

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

6.8CVSS5.7AI score0.00666EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.320 views

eXtplorer 2.1.14 Authentication Bypass / Remote Code Execution

Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...

6.8AI score
Exploits0
Rows per page
Query Builder