177 matches found
PT-2025-36352
Name of the Vulnerable Software and Affected Versions: Multi Step Form plugin for WordPress versions prior to 1.7.26 Description: The Multi Step Form plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation during the import process. This allows...
WordPress plugin Multi Step Form 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Multi Step Form plugin <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated Admin+ Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin Multi Step Form versions = 1.7.25...
Smart Contracts for SMEs and Large Companies
Research on blockchains addresses multiple issues, with one being writing smart contracts. In our previous research we described methodology and a tool to generate, in automated fashion, smart contracts from BPMN models. The generated smart contracts provide support for multi-step transactions th...
CVE-2024-25905
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18...
CVE-2024-12427
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...
CVE-2024-50428
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...
CVE-2023-36829
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
CVE-2023-47758
Cross-Site Request Forgery CSRF vulnerability in Mondula GmbH Multi Step Form plugin = 1.7.11 versions...
CVE-2022-4196
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Quantifying the Noise of Structural Perturbations on Graph Adversarial Attacks
Graph neural networks have been widely utilized to solve graph-related tasks because of their strong learning power in utilizing the local information of neighbors. However, recent studies on graph adversarial attacks have proven that current graph neural networks are not robust against malicious...
CVE-2024-47331
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through = 2.7.7...
CVE-2024-12427
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...
CVE-2024-12427
CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...
CVE-2024-12427 Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...
WordPress plugin Multi Step Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress Multi Step Form plugin <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload vulnerability
Missing Authorization to Unauthenticated Limited File Upload vulnerability discovered by Ryan Zegar in WordPress Plugin Multi Step Form versions = 1.7.23...
DRUPAL-CONTRIB-2024-071
This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...
CVE-2024-50428
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21...
CVE-2024-50428
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through = 1.7.21...