CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9567 – Forminator Plugin <= 1.5.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9567
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. El plugin "Forminator Contact Form, Poll Quiz Builder", en versiones anteriores a la 1.6 para WordPress, tiene Cross-Site Scripting (XSS) mediante un campo de entradas personalizado de una encuesta. WordPress Forminator plugin version 1.5.4 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://lists.openwall.net/full-disclosure/2019/02/05/4 https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection https://wordpress.org/plugins/forminator/#developers https://wpvulndb.com/vulnerabilities/9215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9568 – Forminator Plugin <= 1.5.3.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-9568
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. El plugin "Forminator Contact Form, Poll Quiz Builder", en versiones anteriores a la 1.6 para WordPress, tiene una inyección SQL mediante en parámetro entry[] "wp-admin/admin.php?page=forminator-entries" si el atacante tiene permisos de borrado. WordPress Forminator plugin version 1.5.4 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://lists.openwall.net/full-disclosure/2019/02/05/4 https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection https://wordpress.org/plugins/forminator/#developers https://wpvulndb.com/vulnerabilities/9215 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •