CVE-2024-35661

CVE-2024-35661 is a Missing Authorization vulnerability in SoftLab Upload Fields for WPForms. Public records show impact on the WPForms Upload Fields component, affecting versions up to 1.0.2 (and possibly earlier per the entry). The NVD metrics indicate a CRITICAL score (CVSS v3.1: 9.8) with net...

CVE-2024-35661 WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2...

WordPress plugin Upload Fields for WPForms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Upload Fields for WPForms versions = 1.0.2...

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5...

WordPress Upload Fields for WPForms Plugin <= 1.0.2 is vulnerable to Broken Access Control

Software Upload Fields for WPForms Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35661 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f07470eaffa8 Credits Majed Refaea Required...

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.2.1 - Cross-Site Request Forgery

Description The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the settingspage function. This makes...

CVE-2024-34817

CVE-2024-34817 is a CSRF vulnerability in the Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms WordPress plugin. Affected versions are up to 1.2.0 (exact start version not provided). The vulnerability allows unauthorized cross-site actions due to CSRF, with the CVSS/a...

CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...

CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0...

WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-34817 Patch priority Low CVSS severity Low 4.3 Developer...

Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation

Description The Contact Form by WPForms – Drag & Drop Form Builder for WordPress is vulnerable to price manipulation. This is due to a lack of controls on several product parameters, making it possible for unauthenticated attackers to manipulate prices, product information, and quantities for...

CVE-2024-3715

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-3649

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to...

CVE-2024-3715

CVE-2024-3715 relates to the Database for Contact Form 7, WPforms, and Elementor forms plugins on WordPress. It describes a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that execute wh...

CVE-2024-3715 Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-3649 Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to...

CVE-2024-3649 Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to...

CVE-2024-3649

The CVE CVE-2024-3649 concerns the WordPress plugin Contact Form by WPForms – Drag & Drop Form Builder for WordPress. Affected: WPForms Lite (Contact Form by WPForms) versions up to 1.8.7.2. Root cause: lack of controls on several product parameters during Stripe purchases enables price manipulat...

WordPress Contact Form by WPForms plugin <= 1.8.7.2 - Unauthenticated Price Manipulation vulnerability

Unauthenticated Price Manipulation vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form by WPForms versions = 1.8.7.2...