CVE-2023-2321

CVE-2023-2321 affects WPForms Google Sheet Connector and gsheetconnector-wpforms-pro WordPress plugins (versions before 3.4.6). The issue is a reflected XSS caused by not escaping a parameter before outputting it in an attribute, potentially impacting admin/high-privilege users. Reported base met...

CVE-2023-2321 WPForms Google Sheet Connector < 3.4.6 - Reflected XSS

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVE-2023-2321 WPForms Google Sheet Connector < 3.4.6 - Reflected XSS

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

PT-2023-18877 · WordPress · Wpforms Google Sheet Connector +1

Name of the Vulnerable Software and Affected Versions: WPForms Google Sheet Connector WordPress plugin versions prior to 3.4.6 gsheetconnector-wpforms-pro WordPress plugin versions prior to 3.4.6 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is n...

WordPress plugin WPForms Google Sheet Connector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-30500

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

CVE-2023-30500

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

CVE-2023-30500 WordPress WPForms plugins - Reflected Cross Site Scripting (XSS) vulnerability

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

CVE-2023-30500 WordPress WPForms plugins - Reflected Cross Site Scripting (XSS) vulnerability

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPForms WPForms Lite wpforms-lite, WPForms WPForms Pro wpforms plugins = 1.8.1.2 versions...

CVE-2023-30500

CVE-2023-30500 : Unauthenticated reflected XSS in WordPress WPForms Lite (wpforms-lite) and WPForms Pro (wpforms)

WordPress WPForms Google Sheet Connector Plugin < 3.4.6 is vulnerable to Cross Site Scripting (XSS)

Software WPForms Google Sheet Connector Type Plugin Vulnerable versions 3.4.6 Fixed in 3.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2321 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a08a279b1265 Credits Erwan LR...

WordPress Plugin WPForms Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WPForms Pro Plugin <= 1.8.1.2 is vulnerable to Cross Site Scripting (XSS)

Software WPForms Pro Type Plugin Vulnerable versions = 1.8.1.2 Fixed in 1.8.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30500 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID cfb1df78124a Credits Rafie Muhammad Patchsta...

WordPress Contact Form by WPForms Plugin <= 1.8.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form by WPForms Type Plugin Vulnerable versions = 1.8.1.2 Fixed in 1.8.1.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30500 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 105c95899b72 Credits Rafie...

WPForms 1.7.8 - Cross-Site Scripting Vulnerability

Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...

WordPress WPForms 1.7.8 Cross Site Scripting

Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...

WPForms 1.7.8 - Cross-Site Scripting (XSS)

Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...

WordPress WPForms Pro premium plugin <= 1.7.6 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Francesco Carlucci in WordPress WPForms Pro premium plugin versions = 1.7.6. Solution Update the WordPress WPForms Pro plugin to the latest available version at least 1.7.7...

CVE-2022-3574

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...