Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
incsub vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-5119
The Forminator WordPress plugin prior to 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowe...
Incsub Forminator
4.8
CVSSv3
CVE-2021-24700
The Forminator WordPress plugin prior to 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Incsub Forminator
8.8
CVSSv3
CVE-2019-11872
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer throug...
Incsub Hustle
9.8
CVSSv3
CVE-2023-1478
The Hummingbird WordPress plugin prior to 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
Incsub Hummingbird
4.8
CVSSv3
CVE-2022-0994
The Hummingbird WordPress plugin prior to 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Incsub Hummingbird
3.1
CVSSv3
CVE-2023-2010
The Forminator WordPress plugin prior to 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
Incsub Forminator
9.8
CVSSv3
CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated ...
Incsub Forminator
5 Github repositories
4.3
CVSSv3
CVE-2021-4417
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() f...
Incsub Forminator
6.1
CVSSv3
CVE-2021-36821
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder allows Stored XSS.This issue affects Forminator – Contact Form, Payment Form &...
Incsub Forminator
6.1
CVSSv3
CVE-2023-3134
The Forminator WordPress plugin prior to 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
Incsub Forminator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »