NotCVE - vendor:"Strategy11team"

5 results (0.007 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-11188 – Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter

https://notcve.org/view.php?id=CVE-2024-11188

22 Nov 2024 — The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as click... • https://plugins.trac.wordpress.org/browser/formidable/tags/6.16/classes/helpers/FrmFieldsHelper.php#L158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-6725 – Formidable Forms <= 6.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2024-6725

30 Jul 2024 — The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an inj... • https://plugins.trac.wordpress.org/browser/formidable/trunk/classes/models/fields/FrmFieldType.php#L875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-4443 – Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter

https://notcve.org/view.php?id=CVE-2024-4443

21 May 2024 — The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the dat... • https://github.com/truonghuuphuc/CVE-2024-4443-Poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-20192 – Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-20192

13 Nov 2017 — The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://www.wordfence.com/threat-intel/vulnerabilities/id/900fcaab-2424-4ae8-af18-95659db0dbe3?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-20194 – Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

https://notcve.org/view.php?id=CVE-2017-20194

12 Nov 2017 — The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. El complemento Formidable Form Builder para WordPress es vulnerable a la exposición de datos confidenciales en versiones hasta la 2.05.03 incluida a través de la acción AJAX frm_forms_preview. Esto permite que atacantes no autenticados ... • https://klikki.fi/formidable-forms-vulnerabilities • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •