Lucene search
K

123 matches found

Cvelist
Cvelist
added 2025/08/14 10:34 a.m.12 views

CVE-2025-54678 WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 3.8.15...

9.3CVSS0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.3 views

PT-2025-33230 · Unknown · Easy Form Builder

Name of the Vulnerable Software and Affected Versions: Easy Form Builder versions through 3.8.15 Description: The software contains an improper neutralization of special elements used in an SQL command, resulting in a blind SQL injection issue. Recommendations: Update Easy Form Builder to a versi...

9.3CVSS7.3AI score0.00285EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.4 views

WordPress plugin Easy Form Builder SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

9.3CVSS5.4AI score0.00285EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/07 12:28 p.m.6 views

WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Easy Form Builder versions = 3.8.15...

9.3CVSS5.5AI score0.00285EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.5 views

CVE-2024-12112

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...

6.4CVSS4.9AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:10 a.m.9 views

CVE-2023-32498

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.9 views

CVE-2022-3906

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00392EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.10 views

CVE-2021-24224

The EFBPverifyuploadfile AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE...

8.8CVSS6.8AI score0.01906EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:45 p.m.4 views

CVE-2025-27285

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...

7.1CVSS7.2AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.4 views

CVE-2025-27285

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...

7.1CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:48 p.m.39 views

CVE-2025-27285

CVE-2025-27285 is a reflected XSS in WordPress plugin Easy Form by AYS, caused by improper input neutralization during web page generation. Affected: Easy Form by AYS (versions n/a–2.6.9). Impact per sources: potential user-facing cross-site scripting with HIGH severities (CVSS v3.1 ~7.1). Mitiga...

7.1CVSS7.2AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:48 p.m.11 views

CVE-2025-27285 WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...

7.1CVSS0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:48 p.m.3 views

CVE-2025-27285 WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...

7.1CVSS8.6AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.3 views

WordPress plugin Easy Form by AYS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.1CVSS8AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.2 views

PT-2025-17052 · Ays · Easy Form

Name of the Vulnerable Software and Affected Versions: Easy Form by AYS versions n/a through 2.6.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inje...

7.1CVSS9.1AI score0.00257EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/02/21 12:0 a.m.3 views

WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Easy Form versions = 2.6.9...

7.1CVSS6.1AI score0.00257EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 9:25 a.m.15 views

CVE-2024-30535

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WhiteStudio Easy Form Builder.This issue affects Easy Form Builder: from n/a through 3.7.4...

8.5CVSS8.9AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2025/01/08 4:15 a.m.14 views

CVE-2024-12112

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...

6.4CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2025/01/08 3:18 a.m.45 views

CVE-2024-12112

CVE-2024-12112 (Easy Form Builder for WordPress) Stored Cross-Site Scripting vulnerability in the add_form_Emsfb AJAX action occurs via the name parameter. Affected: Easy Form Builder plugin for WordPress (all versions up to 3.8.8). Root cause: insufficient input sanitization and output escaping ...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/08 3:18 a.m.4 views

CVE-2024-12112 Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...

6.4CVSS5.8AI score0.00249EPSS
Exploits0References2
Rows per page
Query Builder