101 matches found
WordPress Easy Registration Forms plugin <= 2.1.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Thinkland Security Team in WordPress Easy Registration Forms plugin versions = 2.1.1. Solution Deactivate and delete. This plugin has been closed as of November 12, 2021 and is not available for...
CVE-2021-24731
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...
CVE-2021-24731
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...
CVE-2021-24647
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...
Sql injection
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...
Information disclosure
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin Registration Forms â€" User profile, Content Restriction, Spam Protection, Payment Gateways,...
VulnCheck KEV: CVE-2021-24647
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or userna...
Critical WordPress-Plugin Bug Found in 'Orbit Fox' Allows Site Takeover
Two vulnerabilities one critical in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website. Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-buildin...
WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability
CSV Injection vulnerability found by Mohamad Pishdar cert.ikiu.ac.ir in WordPress Easy Registration Forms plugin versions = 2.0.6. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...
Easy Registration Forms <= 2.0.6 - CSV Injection
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
Wordpress Plugin Easy Registration Forms (ER Forms) Input Verification Error
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Easy Registration Forms is a Wordpress plugin for implementing form effects. An input validation error vulnerability exists in the...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
Design/Logic Flaw
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...
WordPress RegistrationMagic-Custom Registration Forms SQL Injection
SQL Injection vulnerability in WordPress RegistrationMagic-Custom Registration Forms plugin includes/classrmdbmanager.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
phpmailer -- Remote Code Execution
Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...
FreeBSD : phpmailer -- Remote Code Execution (c7656d4c-cb60-11e6-a9a5-b499baebfeaf)
Legal Hackers reports : An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. T...