3 matches found
CVE-2026-4394
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...
CVE-2026-4394
Gravity Forms for WordPress (<= 2.9.30) is vulnerable to unauthenticated stored XSS via the Credit Card field’s Card Type sub-field (input_.4). The get_value_entry_detail() method outputs the card type value without escaping, while get_value_save_entry() accepts and stores unsanitized input fo...
Malicious code in credit-card-input (npm)
The package communicates with a domain associated with malicious activity...