Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through...
8.8 CVSS
7.5 AI Score
0.001 EPSS
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through...
9.8 CVSS
7.2 AI Score
0.001 EPSS
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF.....
6.5 CVSS
6.5 AI Score
0.0005 EPSS
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
8.1 CVSS
8.1 AI Score
0.001 EPSS
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...
7.1 CVSS
7 AI Score
0.001 EPSS
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_add_check() located in gravity_ircode.c. It allows an attacker to cause Denial of...
5.5 CVSS
5.4 AI Score
0.001 EPSS
An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code...
7.8 CVSS
7.6 AI Score
0.001 EPSS
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of...
7.8 CVSS
7.4 AI Score
0.001 EPSS
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function list_iterator_next() located in gravity_core.c. It allows an attacker to cause Denial of...
5.5 CVSS
5.3 AI Score
0.001 EPSS
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function gravity_string_to_value() located in gravity_value.c. It allows an attacker to cause Denial of...
5.5 CVSS
5.3 AI Score
0.001 EPSS
7.5 CVSS
7.4 AI Score
0.001 EPSS
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code...
9.8 CVSS
8.8 AI Score
0.021 EPSS
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free...
9.8 CVSS
7.8 AI Score
0.003 EPSS
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop while pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a...
9.8 CVSS
7.6 AI Score
0.003 EPSS
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code...
9.8 CVSS
8.3 AI Score
0.007 EPSS
Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value, potentially leading to modification of unexpected memory...
9.8 CVSS
7.3 AI Score
0.005 EPSS
9.8 CVSS
7.8 AI Score
0.003 EPSS
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat()...
9.8 CVSS
7.8 AI Score
0.003 EPSS
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname...
8.1 AI Score
0.005 EPSS
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname...
7.3 AI Score
0.003 EPSS