4 matches found
CVE-2024-11436
CVE-2024-11436 involves the WordPress plugin Drag & Drop Builder (and related components) with a Reflected Cross-Site Scripting vulnerability via the page parameter in versions
CVE-2024-11436 Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization an...
CVE-2022-1569 WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks...
Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update
The plugin doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings. PoC POST Request ON/OFF Captcha: POST /wp-admin/admin-ajax.php HTTP/2 Cookie: any authenticated user User-Agent: Mozilla/5.0 Content-Type:...