Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-4023
The 3DPrint WordPress plugin prior to 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an malicious user to craft a malicious request that will create an archive of any files or directories on the target...
3dprint Project 3dprint
5.3
CVSSv3
CVE-2023-0085
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthen...
Wpmet Metform Elementor Contact Form Builder
5.3
CVSSv3
CVE-2021-32697
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be...
Neos Form
5.3
CVSSv3
CVE-2018-19789
An issue exists in Symfony 2.7.x prior to 2.7.50, 2.8.x prior to 2.8.49, 3.x prior to 3.4.20, 4.0.x prior to 4.0.15, 4.1.x prior to 4.1.9, and 4.2.x prior to 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's t...
Sensiolabs Symfony
Debian Debian Linux 8.0
4.8
CVSSv3
CVE-2022-0376
The User Meta WordPress plugin prior to 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unf...
User-meta User Meta User Profile Builder And User Management
4.8
CVSSv3
CVE-2021-24705
The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary fo...
Basixonline Nex-forms
4.3
CVSSv3
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin prior to 2.1 does not perform CSRF checks on updates to its admin page, allowing an malicious user to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
Tipsandtricks-hq Wp Simple Adsense Insertion
4.3
CVSSv3
CVE-2021-43846
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` before 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without ...
Nebulab Solidus
4.3
CVSSv3
CVE-2021-38508
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability a...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4
CVSSv3
CVE-2016-0382
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.
Ibm Tealeaf Consumer Experience 8.8.1
Ibm Tealeaf Consumer Experience 9.0
Ibm Tealeaf Consumer Experience 9.0.2
Ibm Tealeaf Consumer Experience 8.7.0
Ibm Tealeaf Consumer Experience 8.7.1
Ibm Tealeaf Consumer Experience 8.8.0
Ibm Tealeaf Consumer Experience 8.7
Ibm Tealeaf Consumer Experience 9.0.1
Ibm Tealeaf Consumer Experience 8.8
Ibm Tealeaf Consumer Experience 8.8.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »