CVE-2026-32278

Connect CMS has a Stored XSS vulnerability in the Form Plugin file field. Affected versions are 1.x up to 1.41.0 and 2.x up to 2.41.0. The issue can allow arbitrary script execution in an administrator’s browser if exploited. Patched versions are 1.41.1 and 2.41.1. Remediation is to upgrade the F...

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32278

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

EUVD-2026-14570

Connect CMS has Stored Cross-site Scripting XSS in the File Field of its Form Plugin...

Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Security Advisory — Form Plugin Stored XSS Summary A Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the file field of the Form Plugin, Stored...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload in the file field of the Form Plugin. An attacker can execute arbitrary scripts in an administrator's browser by uploading specially crafted files, potentially leading to unauthorized actions or information theft...

GHSA-MV3P-7P89-WQ9P Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Security Advisory — Form Plugin Stored XSS Summary A Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the file field of the Form Plugin, Stored...

PT-2026-27230

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities due to cross-site scripting vulnerabilities in the Form Plugin file fields,...

PT-2026-26882

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded File::set from array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating...

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2026-32332 WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

WordPress plugin Easy Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin CP Contact Form with Paypal SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2026-11125

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

PT-2026-22727

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2026-25418

The CVE-2026-25418 entry describes an SQL Injection vulnerability in WordPress Bit Form bit-form (affected: Bit Form