
4 matches found

CVE
added 2024/12/07 1:45 a.m., 41 views

CVE-2024-11436

CVE-2024-11436 involves the WordPress plugin Drag & Drop Builder (and related components) with a Reflected Cross-Site Scripting vulnerability via the page parameter in versions

CVSS 6.1 | AI score 6 | EPSS 0.00285
Exploits: 0 | References: 2
Vulnrichment
added 2024/12/07 1:45 a.m., 5 views

CVE-2024-11436 Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization an...

CVSS 6.1 | AI score 6.4 | EPSS 0.00285
Exploits: 0 | References: 2
Cvelist
added 2022/06/06 8:51 a.m., 20 views

CVE-2022-1569 WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...

AI score 5.1 | EPSS 0.00565
Exploits: 2 | References: 1
wpexploit
added 2022/02/01 12:0 a.m., 101 views

Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update

The plugin doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings. PoC POST request, ON/OFF Captcha: POST /wp-admin/admin-ajax.php HTTP/2 Cookie: any authenticated user User-Agent: Mozilla/5.0 Content-Type:...

AI score 0.7 | EPSS 0.0053
Exploits: 2 | References: 1