CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'formid' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS5.9AI score0.45041EPSS

Exploits0References4

Patchstack•added 2026/03/27 11:24 a.m.•2 views

WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability

Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FormLift for Infusionsoft Web Forms versions = 7.5.21...

5.3CVSS5.9AI score0.00135EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/27 4:59 a.m.•2 views

CVE-2026-4281

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

5.3CVSS6AI score0.00135EPSS

Exploits0References1

EUVD•added 2026/03/26 6:30 a.m.•2 views

EUVD-2026-16100

5.3CVSS6AI score0.00135EPSS

Exploits0References11

NVD•added 2026/03/26 5:16 a.m.•1 views

CVE-2026-4281

5.3CVSS0.00135EPSS

Exploits0References10

ATTACKERKB•added 2026/03/26 3:37 a.m.•2 views

CVE-2026-4281

5.3CVSS6AI score0.00135EPSS

Exploits0References11

Cvelist•added 2026/03/26 3:37 a.m.•27 views

CVE-2026-4281 FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow

5.3CVSS0.00135EPSS

Exploits0References10

Vulnrichment•added 2026/03/26 3:37 a.m.•1 views

CVE-2026-4281 FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow

5.3CVSS6AI score0.00135EPSS

Exploits0References10

CVE•added 2026/03/26 3:37 a.m.•2 views

CVE-2026-4281

The CVE concerns the FormLift for Infusionsoft Web Forms WordPress plugin. Affected versions: all up to 7.5.21. The vulnerability stems from missing capability checks in FormLift_Infusionsoft_Manager.connect() and FormLift_Infusionsoft_Manager.listen_for_tokens(), which run on every page load via...

5.3CVSS6AI score0.00135EPSS

Exploits0References10

CNNVD•added 2026/03/26 12:0 a.m.•2 views

WordPress plugin FormLift for Infusionsoft Web Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00135EPSS

Exploits0References10

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28201

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listen for tokens methods of the FormLift Infusionsoft Manager class, both of which are...

5.3CVSS6AI score0.00135EPSS

Exploits0References11

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-37613

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.45041EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2025-8604

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00204EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-19284

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00185EPSS

Exploits0References1

RedhatCVE•added 2025/06/29 12:6 p.m.•5 views

CVE-2025-47654

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.20...

7.1CVSS5.9AI score0.00185EPSS

Exploits0References1

NVD•added 2025/06/27 12:15 p.m.•2 views

CVE-2025-47654

7.1CVSS0.00185EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•3 views

CVE-2025-47654 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20...

7.1CVSS7.2AI score0.00185EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•9 views

CVE-2025-47654 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00185EPSS

Exploits0References1

CVE•added 2025/06/27 11:52 a.m.•12 views

CVE-2025-47654

CVE-2025-47654 affects WordPress FormLift for Infusionsoft Web Forms (plugin) up to version 7.5.20. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to improper input neutralization during web page generation. Impact is reflected XSS on affected sites. Remediation: upgrade FormLift...

7.1CVSS5.9AI score0.00185EPSS

Exploits0References1

Positive Technologies•added 2025/06/27 12:0 a.m.•1 views

PT-2025-27105 · Infusionsoft · Formlift For Infusionsoft Web Forms

Name of the Vulnerable Software and Affected Versions: FormLift for Infusionsoft Web Forms versions through 7.5.20 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For...

7.1CVSS7.2AI score0.00185EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by