177 matches found
WordPress Contact Form 7 Multi-Step Forms plugin <= 3.0.8 - Authenticated Option Update vulnerability (Fremius Library security issue)
Authenticated Option Update vulnerability Fremius Library security issue found in WordPress Contact Form 7 Multi-Step Forms plugin versions = 3.0.8. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 3.0.9...
WordPress Multi Step Form Plugin < 1.2.6 Multiple XSS Vulnerabilities
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress Mondula Multi Step Form Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Mondula Multi Step Form is used in one of the drag-and-drop form builder plugin . A cross-site scripting...
Cross site scripting
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...
CVE-2018-14846
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...
CVE-2018-14846
CVE-2018-14846 affects WordPress users of the Mondula Multi Step Form Plugin (pre-1.2.8). The vulnerability is a stored XSS via wp-admin/admin-ajax.php, as described in multiple sources (NVD, CNVD, CVE listings). The issue stems from improper input handling in the plugin’s AJAX endpoint, enabling...
CVE-2018-14846
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...
WordPress Multi Step Form plugin <= 1.2.5 - Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
Multiple Unauthenticated Reflected Cross-Site Scripting XSS vulnerabilities found by Javier Olmedo in WordPress Multi Step Form plugin versions = 1.2.5. Solution Update the plugin WordPress Multi Step Form plugin to the latest available version at least 1.2.6...
Design/Logic Flaw
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
CVE-2018-14430
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
CVE-2018-14430
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
CVE-2018-14430
The CVE-2018-14430 vulnerability affects the WordPress Mondula/Multi Step Form plugin and is described as a cross-site scripting (XSS) flaw in version 1.2.5 and earlier. The affected component is the Mondula Multi Step Form plugin for WordPress, with the root cause being XSS in input handling of ...
Multi Step Form <= 1.2.5 - Multiple Unauthenticated Reflected XSS
WordPress Plugin Multi Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, by the use of CSRF, for example. PoC The following parameters are vulnerable in fwsenddata function: fwdataid1...
Multi-Step Registration - Critical - Unsupported Module - SA-CONTRIB-2018-023
With Multi-Step Registration you can create multi-step wizard user account registration forms. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read:...
RedHat Update for sssd RHSA-2015:2355-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
...because you can't get enough of clickjacking
I promise to post something more interesting shortly - but in the meantime, I wanted to drop a quick note about something kinda amusing. There was a considerable amount of buzz around clickjacking 1 in the past year or so. It is commonly believed that this simple attack can only be realistically...
CVE-2003-1562
MODE C CVE-2003-1562 refers to a race condition in sshd/OpenSSH 3.6.1p2 and earlier, where with PermitRootLogin disabled and using PAM keyboard-interactive authentication, sshd does not insert a delay after a root password attempt. This timing discrepancy could enable remote attackers to infer wh...