20 matches found
EUVD-2024-35082
Malicious code in bioql PyPI...
CVE-2025-7696
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-7696
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
CVE-2025-7696
CVE-2025-7696 : The WordPress plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms is vulnerable to unauthenticated PHP Object Injection via the verify_field_val() function in all versions up to 1.2.3. Deserialization of untrusted input enables injection of a PHP o...
WordPress plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...
CVE-2024-34817
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.2.1 - Cross-Site Request Forgery
Description The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the settingspage function. This makes...
CVE-2024-34817
CVE-2024-34817 is a CSRF vulnerability in the Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms WordPress plugin. Affected versions are up to 1.2.0 (exact start version not provided). The vulnerability allows unauthorized cross-site actions due to CSRF, with the CVSS/a...
CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...
CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...
PT-2024-26213 · Unknown +2 · Integration For Pipedrive/Contact Form 7 +3
Name of the Vulnerable Software and Affected Versions: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions 1.2.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to perform...
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.2.0...
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34817 Patch priority Low CVSS severity Low 4.3 Developer...
MAL-2022-5341 Malicious code in pipedrive-embeddable-ringcentral-phone-spa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bc150e5ccb4209c706e7a4df2edfb54c9bbe1fc826a89a7bc5f011fe54676a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pipedrive-embeddable-ringcentral-phone-spa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bc150e5ccb4209c706e7a4df2edfb54c9bbe1fc826a89a7bc5f011fe54676a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5340 Malicious code in pipedrive-embeddable-engage-phone (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d86a390ab51c1f55c23ea94dbf9a4faf91454d565be06c287514428ec0a36de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pipedrive-embeddable-engage-phone (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0d86a390ab51c1f55c23ea94dbf9a4faf91454d565be06c287514428ec0a36de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Dropcontact: API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation.
We didn't verified the API key when a new user was using his pipedrive free trial, so someone could take a key of another pipedrive which don't belong to him and make his free trial on this api key. Or launch a free trial on a pipedrive already connected to pipedrive...