104 matches found
CVE-2024-0386
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
WordPress weForms plugin <= 1.6.23 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin weForms versions = 1.6.23...
WordPress weForms Plugin <= 1.6.23 is vulnerable to Backdoor
Software weForms Type Plugin Vulnerable versions = 1.6.23 Fixed in 1.6.24 OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 83328c8ce30e Credits Sansec.io Required privilege Unauthenticated Published 3 July, 2024...
CVE-2023-51524
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18...
CVE-2023-51524
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18...
CVE-2023-51524 WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18...
CVE-2023-51524 WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18...
WordPress plugin weForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-14178 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.18 and earlier Description: A Missing Authorization issue has been identified in weForms. This issue allows for potential unauthorized access. Recommendations: For weForms versions 1.6.18 and earlier, update to a version...
CVE-2024-30512
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20...
CVE-2024-30512
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20...
CVE-2024-30512 WordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20...
CVE-2024-30512 WordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20...
CVE-2024-30512
CVE-2024-30512 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin weForms, affecting versions up to 1.6.20. The NVD entry rates the impact as Critical (CVSS v3.1 base score 9.1) with network access and no user interaction required; confidentiality and integri...
WordPress plugin weForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-23440 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.20 and earlier Description: A Missing Authorization issue has been identified. This issue allows unauthorized access. The estimated number of potentially affected devices is not specified. Recommendations: For weForms...
CVE-2024-32512
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20...
CVE-2024-32512
The CVE-2024-32512 entry concerns the WordPress weForms plugin (versions up to and including 1.6.20) with a Form Submission Restriction Bypass issue caused by Client-Side Enforcement of Server-Side Security. Affected component: weForms form submission logic; root cause: client-side enforcement al...
CVE-2024-32512 WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20...
CVE-2024-32512 WordPress weForms plugin <= 1.6.20 - Form Submission Restriction Bypass vulnerability
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20...