25020 matches found
EUVD-2026-17763
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Contact Form Entries versions = 1.4.9...
CVE-2026-3831
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-3774
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-3831
The CVE-2026-3831 entry concerns the Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress. A missing capability check in entries_shortcode() affects all versions up to 1.4.9, enabling authenticated users with Contributor-level access and above to access all form submissions ...
CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the form title input field. An attacker can execute arbitrary JavaScript code in the browser of users who view the affected page by injecting malicious scripts into the form title field, which are then store...
GHSA-37FQ-47QJ-6J5J YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"
Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...
YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"
Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...
PT-2026-29441
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entries shortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
WordPress plugin Database for Contact Form 7, WPforms, Elementor forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
Amazon Linux 2023 : python3-tornado (ALAS2023-2026-1502)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1502 advisory. Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting...
PT-2026-29496
Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...
TencentOS Server 3: osbuild-composer (TSSA-2026:0204)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0204 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2026-17626
Admidio has CSRF and Form Validation Bypass in Inventory Item Save via imported Parameter...
GHSA-4RWM-C5MJ-WH7X Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
Summary The inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data...
Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
Summary The inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data...