Lucene search
K

15 matches found

Patchstack
Patchstack
added 2026/06/24 8:43 a.m.6 views

WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/24 8:38 a.m.7 views

WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...

7.5CVSS6AI score0.00376EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-9179

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.14 views

CVE-2026-9178

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS0.00347EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38689

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS6AI score0.00347EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-9178

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS6AI score0.00347EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.17 views

CVE-2026-9178

The WP Forms Connector for WordPress (versions &lt;= 1.8) exposes sensitive user data via REST: wp/v3/user/list/ with a permissive permission_callback and weak internal auth. The vulnerability allows unauthenticated access to per-user data, including the WordPress password hash (user_pass) and em...

7.5CVSS6AI score0.00347EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.16 views

CVE-2026-9179

Summary: WP Forms Connector for WordPress (versions ≤ 1.8) is susceptible to unauthenticated SQL injection via the order parameter in the /wp-json/wp/v3/post/list endpoint. The root cause is insufficient escaping of $_GET['order'], with the value concatenated into the ORDER BY clause and executed...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51693

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description An issue exists where unauthenticated attackers can execute additional SQL queries to extract sensitive information from the database. This occurs via the /wp-json/wp/v3/post/list REST...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51692

Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...

7.5CVSS6AI score0.00347EPSS
Exploits0References8
NVD
NVD
added 2025/10/22 3:15 p.m.7 views

CVE-2025-60209

Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.6...

9.8CVSS0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.7 views

CVE-2025-54682

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.4...

5.4CVSS5.9AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.17 views

CVE-2025-54682 WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.4...

5.4CVSS0.00131EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 2:15 p.m.5 views

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

8.8CVSS6AI score0.00389EPSS
Exploits1References1
Rows per page
Query Builder