Andreas Damen

#15910de 53,635
16.9CVSS total
Vulnerabilidades · 3
Média
3
PT-2023-25294
5.4
2023-08-07
WordPress · Quiz/Survey Master · CVE-2023-3575
**Name of the Vulnerable Software and Affected Versions** The Quiz And Survey Master WordPress plugin versions prior to 8.1.11 **Description** The issue is related to the improper sanitization and escaping of question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks. **Recommendations** For versions prior to 8.1.11, update to version 8.1.11 or later to resolve the issue. As a temporary workaround, consider restricting the Contributor role and above from accessing the question title feature until a patch is available.
PT-2023-23293
6.1
2023-07-31
WordPress · Forminator · CVE-2023-3134
**Name of the Vulnerable Software and Affected Versions** Forminator WordPress plugin versions prior to 1.24.4 **Description** The issue arises from the plugin's failure to properly escape values reflected inside form fields that use pre-populated query parameters, potentially leading to reflected XSS attacks. **Recommendations** For versions prior to 1.24.4, update to version 1.24.4 or later to resolve the issue. As a temporary workaround, consider disabling the use of pre-populated query parameters in form fields until a patch is applied. Restrict access to form fields that use pre-populated query parameters to minimize the risk of exploitation.
PT-2023-20992
5.4
2023-06-12
WordPress · Contact Form Email · CVE-2023-2718
**Name of the Vulnerable Software and Affected Versions** Contact Form Email WordPress plugin versions prior to 1.3.38 **Description** The issue is related to a Stored XSS vulnerability. It occurs because the plugin does not escape submitted values before displaying them in the HTML. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.3.38, update to version 1.3.38 or later to resolve the issue. As a temporary workaround, consider disabling the submission of user input to the contact form until the update is applied. Restrict access to the contact form module to minimize the risk of exploitation. Avoid using the contact form until the issue is resolved.