360 matches found
WordPress 授权问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress plugin Basix NEX-Forms 7.8.7 and earlie...
WordPress 授权问题漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
Sql injection
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...
PT-2019-7411 · Nexforms · Nex-Forms-Express-Wp-Form-Builder
Name of the Vulnerable Software and Affected Versions: nex-forms-express-wp-form-builder plugin versions prior to 4.6.1 Description: The issue is related to SQL injection via the "wp-admin/admin.php?page=nex-forms-main" API endpoint, specifically through the nex forms Id parameter. This allows fo...
WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . NEX-Forms Lite is one of the user-defined plugin to create forms . A cross-site scripting vulnerability exists in...
CVE-2014-7151
Multiple cross-site scripting XSS vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a 1 doedit or 2 doinsert action to wp-admin/admin-ajax.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a 1 doedit or 2 doinsert action to wp-admin/admin-ajax.php...
CVE-2014-7151
Multiple cross-site scripting XSS vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a 1 doedit or 2 doinsert action to wp-admin/admin-ajax.php...
CVE-2014-7151
CVE-2014-7151 affects the WordPress NEX-Forms Lite plugin (v2.1.0). It describes multiple cross-site scripting (XSS) vulnerabilities via the form_fields parameter in admin-ajax.php during do_edit/do_insert actions. Root cause: insufficient filtering of form_fields. Impact: cross-site script/HTML ...
NEX-Forms <= 4.0 - Unauthenticated Blind SQL Injection
The NEX-Forms – Ultimate Form Builder – Contact forms and much more WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability...
WordPress NEX-Forms Plugin <= 4.0 - Blind SQL Injection
Because of this vulnerability, unauthenticated attackers and authenticatged users can inject arbitrary SQL commands. Solution Upgrade the plugin...
WordPress NEX-Forms 3.0 SQL Injection
SQL Injection vulnerability in WordPress NEX-Forms plugin nexformsId parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
WordPress NEX-Forms 3.0 SQL Injection
Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/ Software Link :...
Wordpress NEX-Forms 3.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...
WordPress Plugin NEX-Forms 3.0 - SQL Injection
WordPress Plugin NEX-Forms 3.0 - SQL Injection Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...
WordPress NEX-Forms <= 2.9 - SQL Injection
This WordPress NEX-Forms plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress NEX-Forms 3.0 SQL Injection
AUTOR SCRIPT: Cleiton Pinheiro / Nick: googleINURL Exploit name: MINI 3xplo1t-SqlMap - WordPress NEX-Forms 3.0 SQL Injection Vulnerability Type: SQL Injection Email: [email protected] Blog: http://blog.inurl.com.br Twitter: https://twitter.com/googleinurl Fanpage: https://fb.com/InurlBrasil...
NEX-Forms - Ultimate Form builder <= 3.0 - SQL Injection
The NEX-Forms – Ultimate Form Builder – Contact forms and much more WordPress plugin was affected by an Ultimate Form builder = 3.0 - SQL Injection security vulnerability...
WordPress Plugin NEX-Forms < 3.0 - SQL Injection
Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/ Software Link :...
WordPress NEX-Forms Lite Plugin <= 2.1.0 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "formfields" parameter. Solution Update the plugin...