CVE-2026-32446

The CVE refers to a Missing Authorization vulnerability in the WPForms plugin for WordPress (wpforms-lite). Affected: Contact Form by WPForms wpforms-lite, versions <= 1.9.9.3 (reported as from n/a through

CVE-2026-32433 WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...

CVE-2026-32433

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...

CVE-2026-32433 WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...

CVE-2026-32433

The CVE concerns WordPress plugin CP Contact Form with Paypal (cp-contact-form-with-paypal) version &lt;= 1.3.61. It describes an SQL Injection vulnerability caused by improper neutralization of special elements in database queries, resulting in blind SQL Injection. Affected scope is CP Contact F...

CVE-2026-32432

Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through = 1.2.42...

CVE-2026-32385 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

CVE-2026-32385

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

CVE-2026-32385 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

CVE-2026-32332 WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

CVE-2026-32332

CVE-2026-32332 affects the WordPress WordPress Easy Form plugin up to version 2.7.9. The issue is a Missing Authorization vulnerability stemming from incorrectly configured access control in Easy Form, potentially allowing unauthorized access to certain features due to insufficient authorization ...

CVE-2026-32332 WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

CVE-2026-32332

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

CVE-2026-3986

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the fcontent fie...

CVE-2026-3986 Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the fcontent fie...

CVE-2026-3986 Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the fcontent fie...

CVE-2026-3986

The CVE CVE-2026-3986 affects the Calculated Fields Form WordPress plugin. The vulnerability is a Stored Cross-Site Scripting flaw in form settings (fcontent in fhtml field types) caused by insufficient capability checks on the form settings save handler and inadequate input sanitization. Affecte...

CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

WordPress Calculated Fields Form plugin <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Form Settings vulnerability discovered by Hunter Jensen skid in WordPress Plugin Calculated Fields Form versions = 5.4.5.0...

PT-2026-25232

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...