WordPress GoZen Forms plugin <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() vulnerability

Unauthenticated SQL Injection via emdedSc vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin GoZen Forms versions = 1.1.5...

EUVD-2025-19915

Malicious code in bioql PyPI...

CVE-2025-6782

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVE-2025-6783

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2025-6783

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2025-6783

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2025-6782

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVE-2025-6782

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVE-2025-6782

CVE-2025-6782 : GoZen Forms (WordPress) up to version 1.1.5 is vulnerable to unauthenticated SQL Injection through the dirGZActiveForm() function via the forms-id parameter. The root cause is insufficient escaping and lack of proper SQL query preparation, enabling an attacker to append additional...

CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2025-6783

CVE-2025-6783 (GoZen Forms, WordPress) is an unauthenticated SQL injection in the GoZen Forms plugin for WordPress (versions

CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

WordPress plugin GoZen Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin GoZen Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2025-27852 · WordPress · Gozen Forms

Name of the Vulnerable Software and Affected Versions: GoZen Forms plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthenticated attackers to perform SQL Injection via the forms-id parameter of the emdedSc function due to insufficient escaping on the...

PT-2025-27851 · WordPress · Gozen Forms

Name of the Vulnerable Software and Affected Versions: GoZen Forms plugin for WordPress versions prior to 1.1.5 Description: The issue allows for SQL Injection due to insufficient escaping on the forms-id parameter of the dirGZActiveForm function and lack of sufficient preparation on the existing...