177 matches found
CVE-2022-4196
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4196
The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....
CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2023-14049 · WordPress · Multi Step Form
Name of the Vulnerable Software and Affected Versions: Multi Step Form WordPress plugin versions prior to 1.7.8 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...
WordPress Plugin Multi Step Form 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Multi Step Form < 1.7.8 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Create/edit a Form via the plugin. 2...
Multi Step Form < 1.7.8 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Create/edit a Form via the plugin. 2. Put t...
Multi Step upgrades introduce security risk
Lines of code Vulnerability details Impact If Governor upgrades the system using executeDiamondCutProposal function then freezing is removed. This could be a problem where Governor was still not ready to make freezable facet available as shown in POC Proof of Concept 1. Governor discovers a...
WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin <= 1.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin versions = 1.2. Solution No patched version available...
WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin <= 1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin versions = 1.2. Solution No patched version available...
WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions 4.1.91. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 4.1.91...
WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions 4.1.91. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 4.1.91...
CVE-2021-41170
neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...
CVE-2021-41170
neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...
CVE-2021-40867
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...
CVE-2021-40867
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...
Race condition
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...
Transactions nearing block.gaslimit may cause issues
Handle hrkrshnn Vulnerability details transactions nearing block.gaslimit may cause issues A general problem with schemes that require multiple steps and whose inputs are dynamically typed is that: a user may be able to "commit" something, but never "execute" it because the "execute" transaction...
WordPress YITH WooCommerce Multi-step Checkout plugin <=1.7.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Multi-step Checkout plugin versions =1.7.4. Solution Update the WordPress YITH WooCommerce Multi-step Checkout plugin to the latest available version at least 1.7.5...