Lucene search
K

434 matches found

CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

WordPress plugin Easy Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 9:31 a.m.6 views

EUVD-2026-11125

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/08 7:56 a.m.6 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/07 7:22 a.m.4 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22727

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.4 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

5.8AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.13 views

CVE-2026-25418

The CVE-2026-25418 entry describes an SQL Injection vulnerability in WordPress Bit Form bit-form (affected: Bit Form

7.6CVSS5.9AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.32 views

CVE-2026-25418 WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through = 2.21.10...

7.6CVSS0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.7 views

Wordpress plugin WPForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...

6.1CVSS5.8AI score0.00307EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.4 views

CVE-2025-14984

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the uploadmimes filter without implementing any...

6.4CVSS5.2AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:12 a.m.5 views

CVE-2016-10869

The contact-form-plugin plugin before 4.0.2 for WordPress has XSS...

6.1CVSS6.9AI score0.00923EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.5 views

CVE-2017-18613

The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...

6.1CVSS6AI score0.00966EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:33 a.m.6 views

CVE-2017-18491

The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01464EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 10:15 a.m.8 views

CVE-2025-14984

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the uploadmimes filter without implementing any...

6.4CVSS0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.10 views

PT-2026-1763

Name of the Vulnerable Software and Affected Versions Gutenverse Form plugin for WordPress versions prior to 2.3.3 Description The Gutenverse Form plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin’s framework component allows SVG files through...

6.4CVSS5.5AI score0.00273EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/07 10:43 p.m.7 views

WordPress Gutenverse Form plugin <= 2.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Gutenverse Form versions = 2.3.2...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:53 a.m.9 views

CVE-2013-7481

The contact-form-plugin plugin before 3.3.5 for WordPress has XSS...

6.1CVSS7.1AI score0.00923EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 6:35 a.m.16 views

CVE-2025-14901

CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Rows per page
Query Builder