Page 4 of 27 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions El plugin WP Fluent Forms versiones anteriores a 3.6.67, para WordPress es vulnerable a un ataque de tipo Cross-Site Request Forgery conllevando a una vulnerabilidad de tipo Cross-Site Scripting almacenada y una escalada de privilegios limitada debido a una falta de comprobación de nonce en la función access control para acciones administrativas AJAX • https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Modules/Acl/Acl.php?rev=2196688 https://www.wordfence.com/blog/2021/06/cross-site-request-forgery-patched-in-wp-fluent-forms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection. La funcionalidad view submission en el plugin Hotscot Contact Form de WordPress versiones anteriores a 1.3, hace una petición get con el parámetro sub_id que no está saneada, escapada o comprobada antes de insertarse en una sentencia SQL, conllevando a una inyección SQL • https://wpscan.com/vulnerability/2dfde2ef-1b33-4dc9-aa3e-02d319effb3a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue El plugin de WordPress Contact Form by Supsystic versiones anteriores a 1.7.15, no saneaba el parámetro tab de su página options antes de generarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Contact Form plugin version 1.7.14 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50344 http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 4

A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. Hay una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el plugin WPForms Contact Form (también se conoce como wpforms-lite) versiones anteriores a la versión 1.5.9 para WordPress. WordPress WPForms plugin version 1.5.8.2 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/48245 https://packetstormsecurity.com/files/156910/WordPress-WP-Forms-1.5.8.2-Cross-Site-Scripting.html https://wordpress.org/plugins/wpforms-lite/#developers https://wpvulndb.com/vulnerabilities/10114 https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-wpforms-plugin https://www.jinsonvarghese.com/stored-xss-vulnerability-found-in-wpforms-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. El complemento contact-form-plugin anterior de 4.0.2 para WordPress tiene XSS • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •