4 matches found
EUVD-2026-11133
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...
CVE-2026-3492
The Gravity Forms WordPress plugin (all versions up to 2.9.28.1) is vulnerable to Stored XSS due to a trio of issues: (1) missing authorization on the create_from_template AJAX endpoint allowing any authenticated user to create forms, (2) insufficient input sanitization where sanitize_text_field(...
CVE-2026-3492
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...
PT-2026-24658
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the create from template AJAX endpoint allowing any authenticated user to create forms,...