101 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...
CVE-2023-47645
CVE-2023-47645 concerns the RegistrationMagic WordPress plugin. A CSRF vulnerability affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with exposure noted for versions n/a through 5.2.2.6. Public references document the vulnerability and list a pat...
VulnCheck KEV: CVE-2023-0552
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...
CVE-2023-47669
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...
CVE-2023-47669 WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...
CVE-2023-47669
CVE-2023-47669 is a CSRF vulnerability in the WordPress plugin “User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor” by Cozmoslabs, affecting versions prior to 3.10.3. The issue allows cross-site request forgery without authentication (per Patchstack/CVE rec...
CVE-2023-47669 WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...
The vulnerability of the Registration Forms plugin in the WordPress content management system allows a hacker to redirect users to arbitrary websites.
The vulnerability of the Registration Forms plugin in the WordPress content management system involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to redirect users to arbitrary websites...
WordPress Easy Registration Forms Plugin <= 2.1.1 is vulnerable to Sensitive Data Exposure
Software Easy Registration Forms Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5134 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a5bfe7a3054b Credits Lana Codes Required...
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
CVE-2023-5134
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
CVE-2023-5134
CVE-2023-5134 affects the WordPress plugin “Easy Registration Forms”. The vulnerability stems from insufficient access controls on the shortcodes, specifically the erforms_user_meta shortcode. Versions up to and including 2.1.1 are susceptible. With subscriber-level capabilities or higher, an aut...
CVE-2023-5134 Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...
WordPress plugin Easy Registration Forms Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
PT-2023-31786 · WordPress · Easy Registration Forms
Name of the Vulnerable Software and Affected Versions: Easy Registration Forms for WordPress versions up to, and including, 2.1.1 Description: The issue allows authenticated attackers with subscriber-level capabilities or above to retrieve arbitrary sensitive user meta via the erforms user meta...
CVE-2022-4888
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...
PT-2023-15899 · WordPress · Checkout Fields Manager +12
Name of the Vulnerable Software and Affected Versions: Checkout Fields Manager WordPress plugin versions prior to 1.0.2 Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5 Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4 Custom Order Number WordPress plugin...
WordPress Profile Builder 3.9.0 Missing Authorization Vulnerability
WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppbtoolboxusermetahandler. Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given...
CVE-2023-0552
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability...