CVE-2020-7228 – Calculated Fields Form <= 1.0.353 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-7228
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
• https://spider-security.co.uk/blog-cve-2020-7228
• https://wordpress.org/plugins/calculated-fields-form/#developers
• https://wpvulndb.com/vulnerabilities/10043
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20964 – Contact Form Email <= 1.2.65 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-20964
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
• https://wordpress.org/plugins/contact-form-to-email/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-20963 – Contact Form Email <= 1.2.65 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20963
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
• https://wordpress.org/plugins/contact-form-to-email/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-14791 – Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14791
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
• https://wordpress.org/plugins/appointment-booking-calendar/#developers
• https://wpvulndb.com/vulnerabilities/9426
• https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-14784 – CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14784
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. The "CP Contact Form with PayPal" plugin before 1.3.02 for WordPress has XSS in CSS edition.
• https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')