13 matches found
CVE-2022-0402
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
Cross site scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402
CVE-2022-0402 affects the WordPress plugin Super Forms – Drag & Drop Form Builder prior to 6.0.4. The vulnerability arises because the parameter named in the description (bob_czy_panstwa_sprawa_zostala_rozwiazana) is not escaped before being echoed back in an attribute via the super_language_swit...
CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
WordPress plugin Super Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-11503 · WordPress · The Super Forms - Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: The Super Forms - Drag & Drop Form Builder WordPress plugin versions prior to 6.0.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. The bob czy panstwa sprawa zostala rozwiazana parameter is not properly escaped...
WordPress Super Forms premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by ABDO10 in WordPress Super Forms premium plugin versions = 4.9.700. Solution Update the WordPress Super Forms premium plugin to the latest available version at least 4.9.703...
Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE
The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...
Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE
The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. PoC If a form from the plugin with an upload field is present on the blog, and is used to...
WordPress Super Forms Bundle premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by ABDO10 in WordPress Super Forms Bundle premium plugin versions = 4.9.700. Solution Update the WordPress Super Forms Bundle premium plugin to the latest available version at least 4.9.703...