Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown

CVE-2023-25981

Disclosure Date: August 25, 2023 (last updated October 08, 2023)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-38971

Disclosure Date: March 16, 2023 (last updated November 08, 2023)
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-26326

Disclosure Date: February 23, 2023 (last updated October 08, 2023)
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-21003

Disclosure Date: August 27, 2019 (last updated November 27, 2024)
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
0
0
View More Topics  < Previous