CVE-2024-11223 WPForms < 1.9.2.3 - Admin+ Stored XSS

The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-11223 WPForms < 1.9.2.3 - Admin+ Stored XSS

The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-16838 · WordPress · Wpforms

Name of the Vulnerable Software and Affected Versions: WPForms WordPress plugin versions prior to 1.9.2.3 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example in...

WordPress plugin WPForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WPForms Contact Form Plugin 1.8.4 < 1.9.2.2 Missing Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpforms:contactform"; ifdescription...

CVE-2024-11205

The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-11205 WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation

The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-11205

The CVE-2024-11205 entry applies to the WPForms WordPress plugin. A missing capability check in wpforms_is_admin_page affects versions 1.8.4 through 1.9.2.1, enabling authenticated users with Subscriber-level access and above to refund payments and cancel subscriptions. The issue is mitigated by ...

CVE-2024-11205 WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation

The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...

WordPress plugin WPForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WPForms plugin 1.8.4-1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Refund and Subscription Cancellation vulnerability discovered by villu164 in WordPress Plugin Contact Form by WPForms versions 1.8.4-1.9.2.1...

6,000,000 WordPress Sites Protected Against Payment Refund and Subscription Cancellation Vulnerability in WPForms WordPress Plugin

💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with ourEnd of Year Holiday Extravaganza , High-Risk Bonus Blitz Challenge , and Superhero Challenge for the Wordfence Bug Bounty Program. Through January 6th, 2025: All in-scope vulnerability types for...

CVE-2023-23825 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0...

WordPress WPForms plugin < 1.9.1.6 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by WPscan in WordPress Plugin Contact Form by WPForms versions 1.9.1.6...

CVE-2024-7056

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7056

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7056 WPForms < 1.9.1.6 - Admin+ Stored XSS

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7056 WPForms < 1.9.1.6 - Admin+ Stored XSS

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7056

CVE-2024-7056 affects WPForms for WordPress (pre-1.9.1.6). The issue is caused by insufficient sanitization/escaping of certain settings, enablingStored XSS by high-privilege users (e.g., Administrator) even when unfiltered_html is disabled (such as in multisite setups). The Red Hat and CVE lists...

WordPress Contact Form by WPForms Plugin < 1.9.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form by WPForms Type Plugin Vulnerable versions 1.9.1.6 Fixed in 1.9.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7056 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9dc8b02dd1d6 Credits WPscan Require...