426 matches found
WordPress plugin WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-52347
CVE-2024-52347 is a stored XSS vulnerability described as Improper Neutralization of Input During Web Page Generation in the WordPress plugin/theme stack “Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera” (affected from n/a to 4.0). The issue arises from inadequate input ne...
CVE-2024-52347 WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS. This issue affects Website remote Install vor Gravity, WPForms,...
WordPress plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that allows you to set up a personal blog site on a PHP and MySQL server. WordPress plugin Website remote Install vor Gravity, WPForms,...
PT-2024-9554 · Stripe · Stripe
Name of the Vulnerable Software and Affected Versions: WPForms versions 1.8.4 through 1.9.2.1 Description: The issue is related to a missing capability check in the wpforms_is_admin_page function, which allows authenticated attackers with Subscriber-level access and above to refund payments and...
CVE-2024-10593
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This...
CVE-2024-10593 WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This...
CVE-2024-10593
CVE-2024-10593 affects the WPForms – Easy Form Builder for WordPress plugin (up to 1.9.1.6). The issue is a Cross-Site Request Forgery due to missing/incorrect nonce validation in the process_admin_ui function, allowing unauthenticated attackers to delete WPForms logs by tricking an admin into cl...
CVE-2024-10593 WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This...
PT-2024-16390 · WordPress · Wpforms
Name of the Vulnerable Software and Affected Versions: WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress versions up to, and including, 1.9.1.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect...
WordPress plugin WPForms cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
WordPress WPForms – Easy Form Builder for WordPress plugin <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion vulnerability
Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form by WPForms versions <= 1.9.1.6...
WordPress Contact Form by WPForms Plugin <= 1.9.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: <= 1.9.1.6; Fixed in: 1.9.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-10593; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 3b41c5288f1e; Credits: Asaf...
WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera; Type: Plugin; Vulnerable versions: <= 4.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52347; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID...
CVE-2024-10016
The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-10016 File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-10016 File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-10016
CVE-2024-10016 affects the File Upload Types by WPForms WordPress plugin. A stored XSS was reported via SVG file uploads in all versions
WordPress plugin File Upload Types by WPForms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin File Upload Typ...
PT-2024-15976 · Wpforms · File Upload Types
Name of the Vulnerable Software and Affected Versions: File Upload Types by WPForms plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allo...