Lucene search
+L

101 matches found

patchstack
patchstack
added 2021/11/18 12:0 a.m.20 views

WordPress Easy Registration Forms plugin <= 2.1.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Thinkland Security Team in WordPress Easy Registration Forms plugin versions = 2.1.1. Solution Deactivate and delete. This plugin has been closed as of November 12, 2021 and is not available for...

8.8CVSS1AI score0.00698EPSS
Exploits0References3Affected Software1
osv
osv
added 2021/11/08 6:15 p.m.6 views

CVE-2021-24731

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...

9.8CVSS5.9AI score0.07542EPSS
Exploits2References1
nvd
nvd
added 2021/11/08 6:15 p.m.17 views

CVE-2021-24731

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...

9.8CVSS0.07542EPSS
Exploits2References1
nvd
nvd
added 2021/11/08 6:15 p.m.23 views

CVE-2021-24647

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...

8.1CVSS0.0968EPSS
Exploits3References1
prion
prion
added 2021/11/08 6:15 p.m.15 views

Sql injection

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...

7.5CVSS9.7AI score0.07542EPSS
Exploits2References1Affected Software1
prion
prion
added 2021/11/08 6:15 p.m.14 views

Information disclosure

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or...

6.8CVSS7.9AI score0.0968EPSS
Exploits3References1Affected Software1
cnnvd
cnnvd
added 2021/11/08 12:0 a.m.8 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin Registration Forms â€" User profile, Content Restriction, Spam Protection, Payment Gateways,...

9.8CVSS8.5AI score0.07542EPSS
Exploits2References2
vulncheck_kev
vulncheck_kev
added 2021/10/11 12:0 a.m.9 views

VulnCheck KEV: CVE-2021-24647

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...

8.1CVSS7.1AI score0.0968EPSS
Exploits3References1
threatpost
threatpost
added 2021/01/13 7:41 p.m.57 views

Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover

Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...

0.2AI score
Exploits0References11
patchstack
patchstack
added 2020/11/20 12:0 a.m.15 views

WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability

CSV Injection vulnerability found by Mohamad Pishdar cert.ikiu.ac.ir in WordPress Easy Registration Forms plugin versions = 2.0.6. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...

8.8CVSS3.2AI score0.02144EPSS
Exploits1References2Affected Software1
wpvulndb
wpvulndb
added 2020/11/20 12:0 a.m.25 views

Easy Registration Forms <= 2.0.6 - CSV Injection

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...

6.8CVSS3AI score0.02144EPSS
Exploits1References1Affected Software1
cnvd
cnvd
added 2020/11/05 12:0 a.m.13 views

Wordpress Plugin Easy Registration Forms (ER Forms) Input Verification Error

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Easy Registration Forms is a Wordpress plugin for implementing form effects. An input validation error vulnerability exists in the...

8.8CVSS6.9AI score0.02144EPSS
Exploits1References1
osv
osv
added 2020/11/04 5:15 p.m.9 views

CVE-2020-22275

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...

8.8CVSS7.3AI score0.02144EPSS
Exploits1References3
prion
prion
added 2020/11/04 5:15 p.m.19 views

Design/Logic Flaw

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...

6.8CVSS8.6AI score0.02144EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2020/11/04 4:59 p.m.34 views

CVE-2020-22275

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...

8.7AI score0.02144EPSS
Exploits1References3
wpexploit
wpexploit
added 2017/12/10 12:0 a.m.14 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...

2.1AI score
Exploits0References2
wpexploit
wpexploit
added 2017/12/10 12:0 a.m.25 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...

2.3AI score
Exploits0References2
dsquare
dsquare
added 2017/10/15 12:0 a.m.441 views

WordPress RegistrationMagic-Custom Registration Forms SQL Injection

SQL Injection vulnerability in WordPress RegistrationMagic-Custom Registration Forms plugin includes/classrmdbmanager.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

0.6AI score
Exploits0
freebsd
freebsd
added 2016/12/28 12:0 a.m.81 views

phpmailer -- Remote Code Execution

Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...

9.8CVSS10.1AI score0.99714EPSS
Exploits59References1
nessus
nessus
added 2016/12/27 12:0 a.m.78 views

FreeBSD : phpmailer -- Remote Code Execution (c7656d4c-cb60-11e6-a9a5-b499baebfeaf)

Legal Hackers reports : An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. T...

9.8CVSS8.2AI score0.99714EPSS
Exploits58References4
Rows per page
Query Builder