Lucene search
K

26 matches found

Cvelist
Cvelist
added 2026/06/24 5:33 a.m.38 views

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:31 a.m.23 views

CVE-2026-12120

The CVE-2026-12120 entry describes a vulnerability in the WordPress plugin FireBox Popups – Increase Sales and Grow Your Email List. Affected versions are all up to and including 3.1.7, with exploitation via the form_id parameter allowing unauthenticated attackers to retrieve a full CSV export of...

5.3CVSS5.5AI score0.00331EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 4:31 a.m.12 views

EUVD-2026-37839

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS5.4AI score0.00331EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.5AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/28 3:31 a.m.4 views

EUVD-2026-16905

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/03/28 1:25 a.m.17 views

CVE-2026-4987

The CVE affects the SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress (all versions up to 2.5.2). The root cause is that create_payment_intent() validates the payment amount using a user-controlled parameter, enabling unauthenticated attackers to bypass confi...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 1:22 a.m.4 views

CVE-2026-1781

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/11 1:22 a.m.5 views

CVE-2026-1781 MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wpaction POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24546

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wp action POST parameter without validation, allowing unauthenticated attackers to force the form to process...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS5.4AI score0.0026EPSS
Exploits1References1
NVD
NVD
added 2026/02/26 2:16 a.m.16 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS0.0026EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/26 1:30 a.m.4 views

CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:30 a.m.4 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/26 1:30 a.m.27 views

CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS0.0026EPSS
Exploits1References2
CVE
CVE
added 2026/02/26 1:30 a.m.18 views

CVE-2026-27943

OpenEMR (versions up to 8.0.0) contains an access control flaw in the eye_exam (eye_mag) view: data is loaded by form_id without verifying the form belongs to the current user’s patient/encounter context. An authenticated user can access or edit any patient’s eye exam by supplying a different for...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.10 views

PT-2026-22100

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eye mag view loads data by form id or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References3
CVE
CVE
added 2026/02/25 6:48 p.m.18 views

CVE-2026-25930

OpenEMR before version 8.0.0 is affected by a vulnerability in the Layout-Based Form (LBF) printable view: the request can supply formid and visitid/patientid without verifying that the form belongs to the authenticated user’s patient/encounter. An authenticated user with LBF access can enumerate...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 7:25 a.m.5 views

CVE-2026-1860 Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure

The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...

4.3CVSS5.6AI score0.00289EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/01/28 2:29 p.m.194 views

Exploit for CVE-2026-1056

CVE-2026-1056-POC Snow Monkey Forms - Unauthenticated Arbitr...

9.8CVSS6.2AI score0.12024EPSS
Exploits1
CVE
CVE
added 2026/01/24 9:8 a.m.21 views

CVE-2026-1189

CVE-2026-1189 affects LeadBI Plugin for WordPress. All versions up to and including 1.7 are vulnerable to stored cross-site scripting via the form_id attribute of the leadbi_form shortcode. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject script in...

6.4CVSS5.8AI score0.00192EPSS
Exploits0References4
Rows per page
Query Builder