Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

426 matches found

NVD
NVDadded 2023/12/07 12:15 p.m.8 views

CVE-2023-47779

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

6.1CVSS0.00238EPSS
Exploits0References1
Prion
Prionadded 2023/12/07 12:15 p.m.13 views

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

5.8CVSS7.1AI score0.00238EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2023/12/07 12:11 p.m.19 views

CVE-2023-47779 WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4...

4.7CVSS6.5AI score0.00238EPSS
Exploits0References1
CVE
CVEadded 2023/12/07 12:11 p.m.64 views

CVE-2023-47779

CVE-2023-47779 describes an Open Redirect in the WordPress plugin Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms (up to version 1.1.4). Root cause is unvalidated redirect URL handling, enabling unauthenticated attackers to redirect users to a malicious site. ...

6.1CVSS7AI score0.00238EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDBadded 2023/11/23 12:0 a.m.18 views

Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect

Description The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation a redirect url. This makes it possible for unauthenticated...

6.1CVSS6.9AI score0.00238EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2023/10/31 3:15 p.m.1 views

CVE-2023-31212

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...

9.8CVSS7.3AI score
Exploits0References1
NVD
NVDadded 2023/10/31 3:15 p.m.7 views

CVE-2023-31212

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...

9.8CVSS9.9AI score0.00308EPSS
Exploits0References1
Prion
Prionadded 2023/10/31 3:15 p.m.23 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through...

7.5CVSS9.8AI score0.00308EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2023/10/31 2:4 p.m.62 views

CVE-2023-31212

CVE-2023-31212 is a SQL Injection vulnerability affecting the WordPress plugin Contact Form Entries (and related variants) up to version 1.3.0. The issue arises from improper neutralization of inputs used in an SQL command, enabling injection under the plugin’s Authorized Contributor workflow. Pu...

9.8CVSS8.9AI score0.00308EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2023/07/18 12:0 a.m.4 views

WordPress Drag and Drop & Multiple Image Uploads With Preview For WPForms Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Drag and Drop & Multiple Image Uploads With Preview For WPForms Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

6.3AI score
Exploits0References2Affected Software1
OSV
OSVadded 2023/07/04 8:15 a.m.0 views

CVE-2023-2321

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS7.3AI score
Exploits0References1
Prion
Prionadded 2023/07/04 8:15 a.m.9 views

Cross site scripting

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

5.8CVSS6AI score0.00125EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2023/07/04 7:23 a.m.37 views

CVE-2023-2321

CVE-2023-2321 affects WPForms Google Sheet Connector and gsheetconnector-wpforms-pro WordPress plugins (versions before 3.4.6). The issue is a reflected XSS caused by not escaping a parameter before outputting it in an attribute, potentially impacting admin/high-privilege users. Reported base met...

6.1CVSS6.2AI score0.00125EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2023/07/04 7:23 a.m.18 views

CVE-2023-2321 WPForms Google Sheet Connector < 3.4.6 - Reflected XSS

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.2AI score0.00125EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2023/07/04 7:23 a.m.11 views

CVE-2023-2321 WPForms Google Sheet Connector < 3.4.6 - Reflected XSS

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1AI score0.00125EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2023/07/04 12:0 a.m.2 views

PT-2023-18877 · WordPress · Wpforms Google Sheet Connector +1

Name of the Vulnerable Software and Affected Versions: WPForms Google Sheet Connector WordPress plugin versions prior to 3.4.6 gsheetconnector-wpforms-pro WordPress plugin versions prior to 3.4.6 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is n...

6.1CVSS6.3AI score0.00125EPSS
Exploits1References5
CNNVD
CNNVDadded 2023/07/04 12:0 a.m.2 views

WordPress plugin WPForms Google Sheet Connector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6.3AI score0.00125EPSS
Exploits1References2
OSV
OSVadded 2023/06/22 12:15 p.m.1 views

CVE-2023-30500

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

6.1CVSS7.3AI score0.00117EPSS
Exploits0References2
NVD
NVDadded 2023/06/22 12:15 p.m.12 views

CVE-2023-30500

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

6.1CVSS5.7AI score0.00117EPSS
Exploits0References2
Prion
Prionadded 2023/06/22 12:15 p.m.64 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

5.8CVSS6AI score0.00117EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder