18 matches found
WordPress Super Forms – Drag & Drop Form Builder plugin <= 6.3.313 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Super Forms versions = 6.3.313...
CVE-2026-14894
The CVE concerns the WordPress plugin Super Forms – Drag & Drop Form Builder. All versions up to 6.3.313 are vulnerable to Arbitrary File Upload via the submit_form function due to missing file type validation and absence of any capability check on the submit_form nopriv AJAX handler; the only ba...
CVE-2026-14894
The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...
CVE-2026-14894 Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value)
The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...
CVE-2026-14894 Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value)
The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...
CVE-2022-0402
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
Cross site scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
CVE-2022-0402
CVE-2022-0402 affects the WordPress plugin Super Forms – Drag & Drop Form Builder prior to 6.0.4. The vulnerability arises because the parameter named in the description (bob_czy_panstwa_sprawa_zostala_rozwiazana) is not escaped before being echoed back in an attribute via the super_language_swit...
CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking...
PT-2024-11503 · WordPress · The Super Forms - Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: The Super Forms - Drag & Drop Form Builder WordPress plugin versions prior to 6.0.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. The bob czy panstwa sprawa zostala rozwiazana parameter is not properly escaped...
WordPress plugin Super Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Super Forms Bundle premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by ABDO10 in WordPress Super Forms Bundle premium plugin versions = 4.9.700. Solution Update the WordPress Super Forms Bundle premium plugin to the latest available version at least 4.9.703...
Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE
The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. PoC If a form from the plugin with an upload field is present on the blog, and is used to...
Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE
The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...
WordPress Super Forms premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by ABDO10 in WordPress Super Forms premium plugin versions = 4.9.700. Solution Update the WordPress Super Forms premium plugin to the latest available version at least 4.9.703...