
678 matches found

Nuclei
added 20 hours ago, 27 views

Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. id: CVE-2014-45...

CVSS 6.1, AI score 6.3, EPSS 0.02649
Exploits 2, References 5
RedhatCVE
added 2 days ago, 5 views

CVE-2026-4394

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...

CVSS 6.1, AI score 5.7, EPSS 0.00037
Exploits 0, References 1
RedhatCVE
added 2 days ago, 4 views

CVE-2026-4406

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the formids parameter in the gformgetconfig AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::sendjson method outputting JSON-encoded data wrapped in HTML comment...

CVSS 4.7, AI score 5.7, EPSS 0.00043
Exploits 0, References 1
RedhatCVE
added 2 days ago, 5 views

CVE-2026-48866

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVSS 9.6, AI score 5.4, EPSS 0.00034
Exploits 1, References 1
GithubExploit
added 2 days ago, 41 views

Exploit for CVE-2026-48866


CVSS 9.6, AI score 5.6, EPSS 0.00034
Exploits 1
NVD
added 6 days ago, 8 views

CVE-2026-48866

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVSS 9.6, EPSS 0.00034
Exploits 1, References 1
Cvelist
added 6 days ago, 24 views

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVSS 9.6, EPSS 0.00034
Exploits 1, References 1
CVE
added 6 days ago, 14 views

CVE-2026-48866

CVE-2026-48866 concerns Gravity Forms for WordPress (Gravity Forms

CVSS 9.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 1
EUVD
added 6 days ago, 8 views

EUVD-2026-33650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVSS 9.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 1
Vulnrichment
added 6 days ago, 6 views

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVSS 9.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 1
Patchstack
added 6 days ago, 8 views

WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Gravity Forms versions <= 2.10.0.1...

CVSS 9.6, AI score 5.8, EPSS 0.00034
Exploits 1, Affected Software 1
Positive Technologies
added 6 days ago, 9 views

PT-2026-45440

Name of the Vulnerable Software and Affected Versions: Gravity Forms versions prior to 2.10.0.2. Description: An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...

CVSS 9.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 5
CNNVD
added 6 days ago, 5 views

WordPress plugin Gravity Forms has a path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 9.6, AI score 5.8, EPSS 0.00034
Exploits 1, References 1
Patchstack
added 2026/05/05 11:30 a.m., 3 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2, AI score 5.8, EPSS 0.00021
Exploits 0, References 1, Affected Software 1
Patchstack
added 2026/05/05 11:29 a.m., 4 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2, AI score 5.8, EPSS 0.00021
Exploits 0, References 1, Affected Software 1
Patchstack
added 2026/05/05 11:28 a.m., 3 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2, AI score 5.8, EPSS 0.00021
Exploits 0, References 1, Affected Software 1
Patchstack
added 2026/05/05 11:08 a.m., 5 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2, AI score 5.8, EPSS 0.00021
Exploits 0, References 1, Affected Software 1
Patchstack
added 2026/05/05 11:07 a.m., 5 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2, AI score 5.8, EPSS 0.00021
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2026/05/04 8:21 p.m., 1 view

CVE-2026-5112

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...

CVSS 7.2, AI score 6, EPSS 0.00021
Exploits 0, References 1
RedhatCVE
added 2026/05/04 8:21 p.m., 2 views

CVE-2026-5111

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...

CVSS 7.2, AI score 6, EPSS 0.00021
Exploits 0, References 1