Lucene search
K

177 matches found

OSV
OSV
added 2023/01/09 11:15 p.m.5 views

CVE-2022-4196

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0047EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/09 10:13 p.m.8 views

CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.0047EPSS
Exploits2References1
CVE
CVE
added 2023/01/09 10:13 p.m.68 views

CVE-2022-4196

The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....

4.8CVSS4.7AI score0.0047EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/09 10:13 p.m.25 views

CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.0047EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.9 views

PT-2023-14049 · WordPress · Multi Step Form

Name of the Vulnerable Software and Affected Versions: Multi Step Form WordPress plugin versions prior to 1.7.8 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...

4.8CVSS6AI score0.0047EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.8 views

WordPress Plugin Multi Step Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS5AI score0.0047EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/12/17 12:0 a.m.17 views

Multi Step Form < 1.7.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Create/edit a Form via the plugin. 2...

4.8CVSS0.8AI score0.0047EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/17 12:0 a.m.116 views

Multi Step Form < 1.7.8 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Create/edit a Form via the plugin. 2. Put t...

4.8CVSS4.7AI score0.0047EPSS
Exploits2
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.13 views

Multi Step upgrades introduce security risk

Lines of code Vulnerability details Impact If Governor upgrades the system using executeDiamondCutProposal function then freezing is removed. This could be a problem where Governor was still not ready to make freezable facet available as shown in POC Proof of Concept 1. Governor discovers a...

6.8AI score
Exploits0
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin <= 1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin versions = 1.2. Solution No patched version available...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin <= 1.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung plugin versions = 1.2. Solution No patched version available...

3.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.20 views

WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions 4.1.91. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 4.1.91...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.15 views

WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions 4.1.91. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 4.1.91...

3.7AI score
Exploits0References2Affected Software1
NVD
NVD
added 2021/11/08 7:15 p.m.31 views

CVE-2021-41170

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...

9.8CVSS0.01532EPSS
Exploits0References3
OSV
OSV
added 2021/11/08 7:15 p.m.16 views

CVE-2021-41170

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...

9.8CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2021/09/13 8:15 a.m.5 views

CVE-2021-40867

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

7.1CVSS5.8AI score0.01356EPSS
Exploits1References2
NVD
NVD
added 2021/09/13 8:15 a.m.50 views

CVE-2021-40867

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

7.8CVSS0.01356EPSS
Exploits1References2
Prion
Prion
added 2021/09/13 8:15 a.m.27 views

Race condition

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in e.g., behind the same NAT device, or already in possession of a foothold on an admin'...

5.4CVSS7AI score0.01356EPSS
Exploits1References2Affected Software20
Code423n4
Code423n4
added 2021/07/11 12:0 a.m.16 views

Transactions nearing block.gaslimit may cause issues

Handle hrkrshnn Vulnerability details transactions nearing block.gaslimit may cause issues A general problem with schemes that require multiple steps and whose inputs are dynamically typed is that: a user may be able to "commit" something, but never "execute" it because the "execute" transaction...

6.9AI score
Exploits0
Patchstack
Patchstack
added 2019/10/31 12:0 a.m.16 views

WordPress YITH WooCommerce Multi-step Checkout plugin <=1.7.4 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Multi-step Checkout plugin versions =1.7.4. Solution Update the WordPress YITH WooCommerce Multi-step Checkout plugin to the latest available version at least 1.7.5...

4.3CVSS3.5AI score0.00948EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder