8327 matches found
CVE-2026-12404
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-12404
The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to and including 9.2.2 are vulnerable to an authorization bypass due to improper verification of user permissions. This allows unauthenticated attackers to enumerate sequential report IDs and download complete f...
CVE-2026-12404 NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
EUVD-2026-37512
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses incomplete fix of CVE-2026-46678...
CVE-2026-57312
Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...
CVE-2026-56069
Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...
CVE-2026-57312 WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...
EUVD-2026-39725
Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...
CVE-2026-57312
CVE-2026-57312 affects the WordPress plugin Everest Forms up to version 3.4.8 . The connected documents describe an unauthenticated Cross-Site Scripting (XSS) vulnerability, identified as a reflected XSS in CVE-2026-57312. The exact vectors, input points, and root cause details are not provided i...
CVE-2026-56069 WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...
EUVD-2026-39722
Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...
CVE-2026-56069
This CVE concerns the WordPress Toolset Forms plugin (versions up to 2.6.24). The issue is an Unauthenticated Insecure Direct Object Reference (IDOR) in Toolset Forms, allowing access to objects without authentication. The CVSS 3.1 vector indicates network attack, low attack complexity, no privil...
CVE-2026-2508
The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
EUVD-2026-39167
The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'
The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-2508
CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...
Astra Linux – Vulnerability in Chromium
The use of after-free in Forms in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
CVE-2026-9179
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...