678 matches found
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter. id: CVE-2014-45...
CVE-2026-4394
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...
CVE-2026-4406
The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the formids parameter in the gformgetconfig AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::sendjson method outputting JSON-encoded data wrapped in HTML comment...
CVE-2026-48866
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...
Exploit for CVE-2026-48866
--- ┌────────────────────────────────────────────────────...
CVE-2026-48866
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...
CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...
CVE-2026-48866
CVE-2026-48866 concerns Gravity Forms for WordPress (Gravity Forms
EUVD-2026-33650
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...
CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...
WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Gravity Forms versions = 2.10.0.1...
PT-2026-45440
Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.10.0.2 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...
WordPress plugin Gravity Forms has a path traversal vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...
WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...
WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...
WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...
WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...
CVE-2026-5112
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...
CVE-2026-5111
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...