20 results (0.011 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

16 Dec 2024 — The CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected... • https://plugins.trac.wordpress.org/browser/support-x/trunk/support-x.php#L210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

05 Aug 2024 — The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento CRM Perks Forms para WordPress es vulnerable a cargas de archivos arbitrarias debido a una valida... • https://plugins.trac.wordpress.org/browser/crm-perks-forms/trunk/includes/front-form.php?rev=3003885#L3271 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

22 Apr 2024 — The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Database for Contact Form 7, WPforms, Elementor forms para WordPress es vulnerable a Cross-Site Scripting Almacena... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3074165%40contact-form-entries%2Ftrunk&old=3066269%40contact-form-entries%2Ftrunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

06 Mar 2024 — The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Database for ... • https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

30 Jan 2024 — The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento Contact Form Entries para WordPress es vulnerable a cargas de archivos arbitrarios debido a una validaci... • https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('Cross-site Scripting') en CRM Perks Forms CRM Perks – WordPress Form Builder permite XSS almacenado. Este problema afecta a CRM Perks Forms – WordPress Form... • https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

14 Nov 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. Vulnerabilidad de redirección de URL a un sitio que no es de confianza ("Open Redirect") en CRM Perks. Integración para Constant Contact y Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta la integr... • https://patchstack.com/database/vulnerability/cf7-constant-contact/wordpress-integration-for-contact-form-7-and-constant-contact-plugin-1-1-4-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

20 Jul 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ("Open Redirect") en CRM Perks Integration for WooCommerce and QuickBooks. Este problema afecta a Integration for WooCommerce and QuickBooks: desde n/a hasta 1.2.3. The Integration for WooCommerce and QuickBooks plugin for Wo... • https://patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

20 Jul 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. Este problema afecta a Integration for WooCommerce and ... • https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

13 Jul 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. Vulnerabilidad de redirección de URL a sitio no confiable ("Open Redirect") en CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta a Integration for Salesforce and Contact ... • https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •