58 matches found
CVE-2026-24782
Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...
CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability
Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...
CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability
Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...
CVE-2026-24782
Kiteworks users are affected by multiple SQL injection flaws in Secure Data Forms prior to version 9.3.0. An authenticated attacker with the FormBuilder role can retrieve information on or modify other users’ form definitions and some global configuration parameters. The fix is to upgrade to Kite...
EUVD-2026-33842
Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...
CVE-2016-10910
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues...
EUVD-2016-1904
Malware in sbrugna...
EUVD-2016-10447
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-9646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be...
CVE-2012-6715
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header...
SUSE CVE-2016-9646
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...
SUSE CVE-2017-0356
A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...
WordPress FormBuilder plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress FormBuilder plugin suffers from a cross-site...
CVE-2022-0830
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...
CVE-2022-0830
The CVE-2022-0830 entry describes a CSRF/XSS vulnerability in the WordPress FormBuilder plugin (<= 1.08). The plugin fails CSRF checks when creating/updating/deleting forms and does not sanitize/escape form field values, enabling an authenticated attacker to cause a logged-in admin to update/...
CVE-2022-0830 FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...
WordPress and WordPress plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress FormBuilder plugin suffers from a cross-site...
SQL Injection in Fork CMS
Fork CMS contains a SQL injection vulnerability in versions prior to version 5.11.1. When deleting submissions which belong to a form made with the FormBuilder module, the parameter id is vulnerable to SQL injection...
GHSA-Q863-CCHM-C6C6 SQL Injection in Fork CMS
Fork CMS contains a SQL injection vulnerability in versions prior to version 5.11.1. When deleting submissions which belong to a form made with the FormBuilder module, the parameter id is vulnerable to SQL injection...
FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in...