123 matches found
CVE-2025-54678 WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 3.8.15...
PT-2025-33230 · Unknown · Easy Form Builder
Name of the Vulnerable Software and Affected Versions: Easy Form Builder versions through 3.8.15 Description: The software contains an improper neutralization of special elements used in an SQL command, resulting in a blind SQL injection issue. Recommendations: Update Easy Form Builder to a versi...
WordPress plugin Easy Form Builder SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Easy Form Builder versions = 3.8.15...
CVE-2024-12112
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...
CVE-2023-32498
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...
CVE-2022-3906
The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2021-24224
The EFBPverifyuploadfile AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE...
CVE-2025-27285
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...
CVE-2025-27285
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...
CVE-2025-27285
CVE-2025-27285 is a reflected XSS in WordPress plugin Easy Form by AYS, caused by improper input neutralization during web page generation. Affected: Easy Form by AYS (versions n/a–2.6.9). Impact per sources: potential user-facing cross-site scripting with HIGH severities (CVSS v3.1 ~7.1). Mitiga...
CVE-2025-27285 WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...
CVE-2025-27285 WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...
WordPress plugin Easy Form by AYS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2025-17052 · Ays · Easy Form
Name of the Vulnerable Software and Affected Versions: Easy Form by AYS versions n/a through 2.6.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inje...
WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Easy Form versions = 2.6.9...
CVE-2024-30535
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4...
CVE-2024-12112
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...
CVE-2024-12112
CVE-2024-12112 (Easy Form Builder for WordPress) Stored Cross-Site Scripting vulnerability in the add_form_Emsfb AJAX action occurs via the name parameter. Affected: Easy Form Builder plugin for WordPress (all versions up to 3.8.8). Root cause: insufficient input sanitization and output escaping ...
CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...