Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
incsub vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-18576
The Hustle (aka wordpress-popup) plugin up to and including 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.
Incsub Hustle
NA
CVE-2023-3134
The Forminator WordPress plugin prior to 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
Incsub Forminator
3.5
CVSSv2
CVE-2021-24700
The Forminator WordPress plugin prior to 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Incsub Forminator
6.8
CVSSv2
CVE-2019-11872
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer throug...
Incsub Hustle
4.3
CVSSv2
CVE-2019-9567
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has XSS via a custom input field of a poll.
Incsub Forminator
4
CVSSv2
CVE-2019-9568
The "Forminator Contact Form, Poll & Quiz Builder" plugin prior to 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission.
Incsub Forminator
NA
CVE-2021-4417
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() f...
Incsub Forminator
NA
CVE-2023-2010
The Forminator WordPress plugin prior to 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
Incsub Forminator
NA
CVE-2023-5119
The Forminator WordPress plugin prior to 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowe...
Incsub Forminator
NA
CVE-2021-36821
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder plugin <= 1.14.11 versions.
Incsub Forminator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »