Lucene search
K

177 matches found

Positive Technologies
Positive Technologies
added 2025/09/06 12:0 a.m.9 views

PT-2025-36352

Name of the Vulnerable Software and Affected Versions: Multi Step Form plugin for WordPress versions prior to 1.7.26 Description: The Multi Step Form plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation during the import process. This allows...

7.2CVSS7.3AI score0.00613EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/09/06 12:0 a.m.7 views

WordPress plugin Multi Step Form 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

7.2CVSS6.8AI score0.00613EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/09/05 11:54 p.m.9 views

WordPress Multi Step Form plugin <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin Multi Step Form versions = 1.7.25...

7.2CVSS6.7AI score0.00613EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.4 views

Smart Contracts for SMEs and Large Companies

Research on blockchains addresses multiple issues, with one being writing smart contracts. In our previous research we described methodology and a tool to generate, in automated fashion, smart contracts from BPMN models. The generated smart contracts provide support for multi-step transactions th...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:46 a.m.9 views

CVE-2024-25905

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18...

5.4CVSS6.7AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:26 a.m.8 views

CVE-2024-12427

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...

5.3CVSS6.8AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:18 a.m.9 views

CVE-2024-50428

Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...

9.8CVSS5.9AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:30 a.m.9 views

CVE-2023-36829

Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...

6.8CVSS6.6AI score0.00543EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.10 views

CVE-2023-47758

Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.10 views

CVE-2022-4196

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.0047EPSS
Exploits2References1
Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.3 views

Quantifying the Noise of Structural Perturbations on Graph Adversarial Attacks

Graph neural networks have been widely utilized to solve graph-related tasks because of their strong learning power in utilizing the local information of neighbors. However, recent studies on graph adversarial attacks have proven that current graph neural networks are not robust against malicious...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 8:22 a.m.7 views

CVE-2024-47331

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through = 2.7.7...

9.8CVSS5.9AI score0.00583EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 10:15 a.m.11 views

CVE-2024-12427

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...

5.3CVSS0.00385EPSS
Exploits0References4
CVE
CVE
added 2025/01/16 9:39 a.m.54 views

CVE-2024-12427

CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...

5.3CVSS5.1AI score0.00385EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/16 9:39 a.m.7 views

CVE-2024-12427 Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...

5.3CVSS6.8AI score0.00385EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.5 views

WordPress plugin Multi Step Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

5.3CVSS7.8AI score0.00385EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/01/15 9:37 p.m.7 views

WordPress Multi Step Form plugin <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload vulnerability

Missing Authorization to Unauthenticated Limited File Upload vulnerability discovered by Ryan Zegar in WordPress Plugin Multi Step Form versions = 1.7.23...

5.3CVSS7AI score0.00385EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/12/04 4:20 p.m.7 views

DRUPAL-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

4.8CVSS6.6AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2024/10/29 10:15 p.m.6 views

CVE-2024-50428

Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21...

9.8CVSS5.8AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2024/10/29 10:15 p.m.13 views

CVE-2024-50428

Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...

9.8CVSS0.00322EPSS
Exploits0References1
Rows per page
Query Builder