15 matches found
WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
CVE-2026-9179
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
CVE-2026-9178
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...
EUVD-2026-38689
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...
CVE-2026-9178
The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...
CVE-2026-9178
The WP Forms Connector for WordPress (versions <= 1.8) exposes sensitive user data via REST: wp/v3/user/list/ with a permissive permission_callback and weak internal auth. The vulnerability allows unauthenticated access to per-user data, including the WordPress password hash (user_pass) and em...
CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...
CVE-2026-9179
Summary: WP Forms Connector for WordPress (versions ≤ 1.8) is susceptible to unauthenticated SQL injection via the order parameter in the /wp-json/wp/v3/post/list endpoint. The root cause is insufficient escaping of $_GET['order'], with the value concatenated into the ORDER BY clause and executed...
PT-2026-51693
Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...
PT-2026-51692
Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...
CVE-2025-60209
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.6...
CVE-2025-54682
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.4...
CVE-2025-54682 WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.4...
CVE-2023-2330
The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...