Lucene search
K

101 matches found

Prion
Prion
added 2023/11/30 2:15 p.m.20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...

6.8CVSS7.2AI score0.00261EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/30 1:34 p.m.81 views

CVE-2023-47645

CVE-2023-47645 concerns the RegistrationMagic WordPress plugin. A CSRF vulnerability affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with exposure noted for versions n/a through 5.2.2.6. Public references document the vulnerability and list a pat...

8.8CVSS8.4AI score0.00261EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/11/27 12:0 a.m.11 views

VulnCheck KEV: CVE-2023-0552

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...

5.4CVSS6.7AI score0.24263EPSS
Exploits2References1
NVD
NVD
added 2023/11/13 2:15 a.m.32 views

CVE-2023-47669

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...

8.8CVSS0.00254EPSS
Exploits0References1
Prion
Prion
added 2023/11/13 2:15 a.m.18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...

6.8CVSS7.2AI score0.00254EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/13 12:55 a.m.35 views

CVE-2023-47669 WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...

5.4CVSS9AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2023/11/13 12:55 a.m.57 views

CVE-2023-47669

CVE-2023-47669 is a CSRF vulnerability in the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” by Cozmoslabs, affecting versions prior to 3.10.3. The issue allows cross-site request forgery without authentication (per Patchstack/CVE rec...

8.8CVSS7AI score0.00254EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/13 12:55 a.m.20 views

CVE-2023-47669 WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...

5.4CVSS7.1AI score0.00254EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/11/09 12:0 a.m.11 views

The vulnerability of the Registration Forms plugin in the WordPress content management system allows a hacker to redirect users to arbitrary websites.

The vulnerability of the Registration Forms plugin in the WordPress content management system involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to redirect users to arbitrary websites...

5.5CVSS6.7AI score0.24263EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/09/25 12:0 a.m.12 views

WordPress Easy Registration Forms Plugin <= 2.1.1 is vulnerable to Sensitive Data Exposure

Software Easy Registration Forms Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5134 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a5bfe7a3054b Credits Lana Codes Required...

4.3CVSS6.9AI score0.00441EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/23 8:15 a.m.6 views

CVE-2023-5134

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

4.3CVSS7.2AI score0.00441EPSS
Exploits0References2
NVD
NVD
added 2023/09/23 8:15 a.m.14 views

CVE-2023-5134

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

4.3CVSS4.2AI score0.00441EPSS
Exploits0References2
CVE
CVE
added 2023/09/23 7:34 a.m.53 views

CVE-2023-5134

CVE-2023-5134 affects the WordPress plugin “Easy Registration Forms”. The vulnerability stems from insufficient access controls on the shortcodes, specifically the erforms_user_meta shortcode. Versions up to and including 2.1.1 are susceptible. With subscriber-level capabilities or higher, an aut...

4.3CVSS4.5AI score0.00441EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/23 7:34 a.m.26 views

CVE-2023-5134 Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

4.3CVSS4.6AI score0.00441EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/23 12:0 a.m.6 views

WordPress plugin Easy Registration Forms Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...

4.3CVSS6.3AI score0.00441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/23 12:0 a.m.6 views

PT-2023-31786 · WordPress · Easy Registration Forms

Name of the Vulnerable Software and Affected Versions: Easy Registration Forms for WordPress versions up to, and including, 2.1.1 Description: The issue allows authenticated attackers with subscriber-level capabilities or above to retrieve arbitrary sensitive user meta via the erforms user meta...

4.3CVSS4.9AI score0.00441EPSS
Exploits0References7
OSV
OSV
added 2023/07/31 10:15 a.m.4 views

CVE-2022-4888

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...

6.5CVSS5.8AI score0.00313EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.19 views

PT-2023-15899 · WordPress · Checkout Fields Manager +12

Name of the Vulnerable Software and Affected Versions: Checkout Fields Manager WordPress plugin versions prior to 1.0.2 Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5 Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4 Custom Order Number WordPress plugin...

6.5CVSS8.8AI score0.00313EPSS
Exploits2References5
0day.today
0day.today
added 2023/03/15 12:0 a.m.359 views

WordPress Profile Builder 3.9.0 Missing Authorization Vulnerability

WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppbtoolboxusermetahandler. Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given...

6.5CVSS6.9AI score0.00769EPSS
Exploits2
OSV
OSV
added 2023/02/27 4:15 p.m.7 views

CVE-2023-0552

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...

5.4CVSS6.7AI score0.24263EPSS
Exploits2References1
Rows per page
Query Builder