WordPress PDF Builder for WPForms Plugin <= 1.2.116 is vulnerable to Full Path Disclosure (FPD)

Software PDF Builder for WPForms Type Plugin Vulnerable versions = 1.2.116 Fixed in 1.2.117 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-7414 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c08822324936 Credits stealthcopt...

CVE-2024-7414

The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has displayerrors on. This makes it possible for unauthenticated attackers to...

WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Upload Fields for WPForms versions = 1.0.2...

PT-2024-15506 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-2321

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

WPForms 1.7.8 - Cross-Site Scripting (XSS)

Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...

WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms plugin <= 1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms plugin versions = 1.3. Solution No patched version available...

CVE-2020-10385

A stored cross-site scripting XSS vulnerability exists in the WPForms Contact Form aka wpforms-lite plugin before 1.5.9 for WordPress...

WordPress Contact Form by WPForms plugin <= 1.5.8.2 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability discovered by Jinson Varghese Behanan in WordPress Contact Form by WPForms plugin versions = 1.5.8.2. Solution Update the WordPress Contact Form by WPForms plugin to the latest available version at least 1.5.9...