Page 5 of 41 results (0.002 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. El plugin Calculated Fields Form versiones hasta 1.0.353 para WordPress, sufre de múltiples vulnerabilidades de tipo XSS Almacenado, presentes en los formularios de entrada. Estos pueden ser explotados por parte de un usuario autenticado. • https://spider-security.co.uk/blog-cve-2020-7228 https://wordpress.org/plugins/calculated-fields-form/#developers https://wpvulndb.com/vulnerabilities/10043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. El complemento contact-form-to-email anterior de 1.2.66 para WordPress tiene CSRF. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. El complemento contact-form-to-email anterior de 1.2.66 para WordPress tiene XSS. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. El plugin Appointment Booking Calendar versión 1.3.18 para , permite un ataque de tipo XSS por medio del parámetro editionarea del archivo wp-admin/admin-post.php. • https://wordpress.org/plugins/appointment-booking-calendar/#developers https://wpvulndb.com/vulnerabilities/9426 https://www.pluginvulnerabilities.com/2019/07/03/hackers-look-to-be-targeting-the-wordpress-plugin-appointment-booking-calendar-which-is-yet-another-insecure-plugin-from-code-people • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. El plugin "CP Contact Form with PayPal" versiones anteriores a 1.2.98 para WordPress, presenta una vulnerabilidad de tipo XSS en la edición de CSS. The "CP Contact Form with PayPal" plugin before 1.3.02 for WordPress has XSS in CSS edition. • https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •